Tutorial: setting up Prometheus, Alertmanager and prometheus-operator on k8s

[YC's Wayfinding Youth]

Roughly, these are the things to do:

Create your own namespace

yc

Build the switchboard operator: prometheus-operator

ServiceAccount, ClusterRoleBinding, Deployment, Service

Build alertmanager

ServiceAccount, Secret, Alertmanager, Service, Ingress

Build prometheus

ServiceAccount, ClusterRole, ClusterRoleBinding, Prometheus, Service, Ingress

Build the ServiceMonitors

Prometheus, Alertmanager, prometheus-operator

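For kinds such as Prometheus, Alertmanager and ServiceMonitor,
the way I write them is: vi Prometheus.yaml
then copy and paste in the content you need,
then :wq
Now ls will show the YAML file you just created.
Then run:
kubectl apply -f Prometheus.yaml
http://img2.58codes.com/2024/20111603NyRCctNZrx.png
This sequence diagram is very well drawn.

Reference: https://dbaplus.cn/news-134-3247-1.html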

Create your own namespace

yc

kind: Namespace
apiVersion: v1
metadata:
  name: yc
spec:
  finalizers:
    - kubernetes

Build the switchboard operator: prometheus-operator

ServiceAccount, ClusterRoleBinding, Deployment, Service

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/name: prometheus-operator
    app.kubernetes.io/version: v0.44.1
  name: prometheus-operator-yc
  namespace: yc
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/name: prometheus-operator
    app.kubernetes.io/version: v0.44.1
  name: prometheus-operator-yc
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  # This ClusterRole is not created on this page; it must already exist in the cluster.
  name: prometheus-operator
subjects:
- kind: ServiceAccount
  # Must name the ServiceAccount created above, otherwise the binding grants nothing to the operator pod.
  name: prometheus-operator-yc
  namespace: yc
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/name: prometheus-operator
    app.kubernetes.io/version: v0.44.1
  name: prometheus-operator
  namespace: yc
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/component: controller
      app.kubernetes.io/name: prometheus-operator
  template:
    metadata:
      labels:
        app.kubernetes.io/component: controller
        app.kubernetes.io/name: prometheus-operator
        app.kubernetes.io/version: v0.44.1
    spec:
      containers:
      - args:
        - --kubelet-service=kube-system/kubelet
        - --prometheus-config-reloader=quay.io/prometheus-operator/prometheus-config-reloader:v0.44.1
        image: quay.io/prometheus-operator/prometheus-operator:v0.44.1
        name: prometheus-operator
        ports:
        - containerPort: 8080
          name: http
        resources:
          limits:
            cpu: 200m
            memory: 200Mi
          requests:
            cpu: 100m
            memory: 100Mi
        securityContext:
          allowPrivilegeEscalation: false
      # kube-rbac-proxy sidecar: serves the operator's metrics over TLS on 8443
      - args:
        - --logtostderr
        - --secure-listen-address=:8443
        - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - --upstream=http://127.0.0.1:8080/
        image: quay.io/brancz/kube-rbac-proxy:v0.8.0
        name: kube-rbac-proxy
        ports:
        - containerPort: 8443
          name: https
        securityContext:
          runAsGroup: 65532
          runAsNonRoot: true
          runAsUser: 65532
      nodeSelector:
        beta.kubernetes.io/os: linux
      securityContext:
        runAsNonRoot: true
        runAsUser: 65534
      serviceAccountName: prometheus-operator-yc
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/name: prometheus-operator
    app.kubernetes.io/version: v0.44.1
  name: prometheus-operator
  namespace: yc
spec:
  clusterIP: None
  ports:
  - name: https
    port: 8443
    targetPort: https
  selector:
    app.kubernetes.io/component: controller
    app.kubernetes.io/name: prometheus-operator

This creates
ServiceAccount : prometheus-operator-yc
ClusterRoleBinding : prometheus-operator-yc
which is why the Deployment contains the line
serviceAccountName: prometheus-operator-yc
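
The operator pod only receives the ClusterRole's permissions when the ClusterRoleBinding subject names the same ServiceAccount as serviceAccountName. The check below is an added example, not part of the original post: it cross-checks those objects as returned by kubectl in JSON form. The names sa_binding_gaps, SAMPLE and check.py are hypothetical, and the sample objects are constructed with a deliberately mismatched subject name.

```python
import json


def sa_binding_gaps(objects):
    """Cross-check ServiceAccounts, ClusterRoleBinding subjects and workloads."""
    defined, bound, used = set(), {}, {}
    for obj in objects:
        kind, meta = obj.get("kind"), obj.get("metadata", {})
        if kind == "ServiceAccount":
            defined.add((meta.get("namespace"), meta["name"]))
        elif kind == "ClusterRoleBinding":
            for subj in obj.get("subjects") or []:
                if subj.get("kind") == "ServiceAccount":
                    key = (subj.get("namespace"), subj["name"])
                    bound.setdefault(key, []).append(meta["name"])
        elif kind in ("Deployment", "Prometheus"):
            spec = obj.get("spec", {})
            if kind == "Deployment":  # pod spec is nested under the template
                spec = spec.get("template", {}).get("spec", {})
            sa = spec.get("serviceAccountName", "default")
            used[(meta.get("namespace"), sa)] = f"{kind}/{meta['name']}"
    # Binding subjects that point at a ServiceAccount nobody created.
    dangling = [f"{b} -> {ns}/{name}" for (ns, name), bs in bound.items()
                if (ns, name) not in defined for b in bs]
    # Workloads whose ServiceAccount has no ClusterRoleBinding at all.
    unbound = [f"{owner} runs as {ns}/{sa}" for (ns, sa), owner in used.items()
               if (ns, sa) not in bound]
    return {"dangling_subjects": sorted(dangling), "unbound_workloads": sorted(unbound)}


# Constructed sample: the binding subject omits the "-yc" suffix.
SAMPLE = [
    {"kind": "ServiceAccount", "metadata": {"name": "prometheus-operator-yc", "namespace": "yc"}},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "prometheus-operator-yc"},
     "subjects": [{"kind": "ServiceAccount", "name": "prometheus-operator", "namespace": "yc"}]},
    {"kind": "Deployment", "metadata": {"name": "prometheus-operator", "namespace": "yc"},
     "spec": {"template": {"spec": {"serviceAccountName": "prometheus-operator-yc"}}}},
]

if __name__ == "__main__":
    import sys
    # Real input (check.py is a hypothetical file name):
    #   kubectl get sa,clusterrolebinding,deploy,prometheus -A -o json | python3 check.py
    objs = json.load(sys.stdin)["items"] if not sys.stdin.isatty() else SAMPLE
    print(json.dumps(sa_binding_gaps(objs), indent=2))
```

An unbound workload is only a problem when it needs API access; the operator Deployment and the Prometheus resource both do.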

Build alertmanager

ServiceAccount, Secret, Alertmanager, Service, Ingress

apiVersion: v1
kind: ServiceAccount
metadata:
  name: alertmanager-main
  namespace: yc
---
apiVersion: v1
kind: Secret
metadata:
  name: alertmanager-main
  namespace: yc
# slack_api_url below is a credential (anyone holding it can post to the channel): put in your own webhook.
stringData:
  alertmanager.yaml: |-
    "global":
      "resolve_timeout": "5m"
      "slack_api_url": "https://hooks.slack.com/services/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"
    "receivers":
    - "name": "slack-notifications"
      "slack_configs":
      - "channel": "456"
    "route":
      "receiver": "slack-notifications"
      "repeat_interval": "12h"
type: Opaque
---
apiVersion: monitoring.coreos.com/v1
kind: Alertmanager
metadata:
  labels:
    alertmanager: main
  name: main
  namespace: yc
spec:
  externalUrl: https://<fill-in>/alertmanager-test-yc
  image: quay.io/prometheus/alertmanager:v0.21.0
  nodeSelector:
    kubernetes.io/os: linux
  replicas: 3
  securityContext:
    fsGroup: 2000
    runAsNonRoot: true
    runAsUser: 1000
  serviceAccountName: alertmanager-main
  version: v0.21.0
---
apiVersion: v1
kind: Service
metadata:
  labels:
    alertmanager: main
  name: alertmanager-main
  namespace: yc
spec:
  ports:
  - name: web
    port: 9093
    targetPort: web
  selector:
    alertmanager: main
    app: alertmanager
  sessionAffinity: ClientIP
---
kind: Ingress
apiVersion: networking.k8s.io/v1beta1
metadata:
  name: alertmanager
  namespace: yc
  annotations:
    appgw.ingress.kubernetes.io/backend-path-prefix: /
    appgw.ingress.kubernetes.io/connection-draining: 'true'
    appgw.ingress.kubernetes.io/connection-draining-timeout: '30'
    appgw.ingress.kubernetes.io/cookie-based-affinity: 'true'
    appgw.ingress.kubernetes.io/ssl-redirect: 'true'
    cert-manager.io/cluster-issuer: letsencrypt-production
    kubernetes.io/ingress.allow-http: 'false'
    kubernetes.io/ingress.class: azure/application-gateway
spec:
  tls:
    - hosts:
        - <fill-in>
      secretName: <fill-in>  # remember to create this Secret
  rules:
    - host: <fill-in>
      http:
        paths:
          - path: /alertmanager-test-yc/*
            pathType: ImplementationSpecific
            backend:
              serviceName: alertmanager-main
              servicePort: 9093

Build prometheus

ServiceAccount, ClusterRole, ClusterRoleBinding, Prometheus, Service, Ingress

apiVersion: v1
kind: ServiceAccount
metadata:
  name: prometheus-k8s-test
  namespace: yc
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: prometheus-k8s-test-yc
rules:
- apiGroups:
  - ""
  resources:
  - nodes
  - services
  - endpoints
  - pods
  verbs: ["get", "list", "watch"]
- nonResourceURLs:
  - /metrics
  verbs:
  - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: prometheus-k8s-test-yc
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: prometheus-k8s-test-yc
subjects:
- kind: ServiceAccount
  name: prometheus-k8s-test
  namespace: yc
---
apiVersion: monitoring.coreos.com/v1
kind: Prometheus
metadata:
  labels:
    prometheus: k8s
  name: k8s
  namespace: yc
spec:
  externalUrl: https://<fill-in>/prometheus-test-yc
  alerting:
    alertmanagers:
    - name: alertmanager-main
      namespace: yc
      port: web
  image: quay.io/prometheus/prometheus:v2.22.1
  nodeSelector:
    kubernetes.io/os: linux
  podMonitorNamespaceSelector: {}
  podMonitorSelector: {}
  probeNamespaceSelector: {}
  probeSelector: {}
  replicas: 2
  resources:
    requests:
      memory: 400Mi
  ruleSelector:
    matchLabels:
      prometheus: k8s
      role: alert-rules
  securityContext:
    fsGroup: 2000
    runAsNonRoot: true
    runAsUser: 1000
  serviceAccountName: prometheus-k8s-test
  serviceMonitorNamespaceSelector: {}
  serviceMonitorSelector: {}
  version: v2.22.1
---
apiVersion: v1
kind: Service
metadata:
  labels:
    prometheus: k8s
  name: prometheus-k8s-test
  namespace: yc
spec:
  ports:
  - name: web
    port: 9090
    targetPort: web
  selector:
    app: prometheus
    prometheus: k8s
  sessionAffinity: ClientIP
---
kind: Ingress
apiVersion: networking.k8s.io/v1beta1
metadata:
  name: prometheus
  namespace: yc
  annotations:
    appgw.ingress.kubernetes.io/backend-path-prefix: /
    appgw.ingress.kubernetes.io/connection-draining: 'true'
    appgw.ingress.kubernetes.io/connection-draining-timeout: '30'
    appgw.ingress.kubernetes.io/cookie-based-affinity: 'true'
    appgw.ingress.kubernetes.io/ssl-redirect: 'true'
    cert-manager.io/cluster-issuer: letsencrypt-production
    kubernetes.io/ingress.allow-http: 'false'
    kubernetes.io/ingress.class: azure/application-gateway
spec:
  tls:
    - hosts:
        - <fill-in>
      secretName: <fill-in>
  rules:
    - host: <fill-in>
      http:
        paths:
          - path: /prometheus-test-yc/*
            pathType: ImplementationSpecific
            backend:
              serviceName: prometheus-k8s-test
              servicePort: 9090

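To make testing easier, I recommend first changing

serviceMonitorSelector: {}

to

serviceMonitorSelector:
  matchLabels:
    k8s-app: yc

If you have followed my steps up to this point,
congratulations: now edit the YAML file that ls shows you.
First
kubectl delete Prometheus k8s -n yc
then edit the file
vi Prometheus.yaml
Press a to enter insert mode; when you are done, press Esc to leave it and type :wq

This way Prometheus only picks up the ServiceMonitors whose k8s-app label is yc.

The ServiceMonitors are as follows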

apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  labels:
    k8s-app: prometheus
  name: prometheus
  namespace: yc
spec:
  endpoints:
  - interval: 30s
    port: web
  selector:
    matchLabels:
      prometheus: k8s
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  labels:
    k8s-app: yc
  name: alertmanager
  namespace: yc
spec:
  endpoints:
  - interval: 30s
    port: web
  selector:
    matchLabels:
      alertmanager: main
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/name: prometheus-operator
    app.kubernetes.io/version: v0.44.1
    k8s-app: yc
  name: prometheus-operator
  namespace: yc
spec:
  endpoints:
  # Scrapes the kube-rbac-proxy port (8443) using the Prometheus pod's ServiceAccount token.
  - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
    honorLabels: true
    port: https
    scheme: https
    tlsConfig:
      # The proxy's certificate is not verified on this scrape.
      insecureSkipVerify: true
  selector:
    matchLabels:
      app.kubernetes.io/component: controller
      app.kubernetes.io/name: prometheus-operator
      app.kubernetes.io/version: v0.44.1

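Then you will see something like this:
http://img2.58codes.com/2024/20111603iQaJiZFDDR.png

That is roughly the setup. The testing part continues in the next installment. Thanks.

A .gz secret also gets generated; you can look inside it like this: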
kubectl get secret -n yc prometheus-k8s -o json | jq -r '.data."prometheus.yaml.gz"' | base64 -d | gzip -d
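
The same decoding, carried one step further to list which ServiceMonitors actually made it into the generated configuration. This is an added example, not part of the original post. The function names are hypothetical, the sample secret is constructed, and the job-name layout (namespace/name/endpoint-index, optionally prefixed with serviceMonitor/) is an assumption about the operator's output.

```python
import base64
import gzip
import json
import re

# Matches "job_name: <value>" entries in the rendered Prometheus config.
JOB_RE = re.compile(r"^\s*-?\s*job_name:\s*['\"]?([^'\"\s]+)", re.MULTILINE)


def scrape_jobs(secret_json, key="prometheus.yaml.gz"):
    """Return the job_name values from the operator-generated config secret."""
    secret = json.loads(secret_json)
    blob = secret.get("data", {}).get(key)
    if blob is None:
        raise KeyError(f"secret has no {key!r} entry")
    config = gzip.decompress(base64.b64decode(blob)).decode("utf-8")
    return JOB_RE.findall(config)


def monitors(jobs):
    """Map job names to (namespace, name) pairs; the prefix is optional (assumed layout)."""
    found = set()
    for job in jobs:
        parts = job.split("/")
        if parts[0] == "serviceMonitor":
            parts = parts[1:]
        if len(parts) >= 2:
            found.add((parts[0], parts[1]))
    return found


def constructed_secret():
    """Constructed stand-in for `kubectl get secret -n yc prometheus-k8s -o json`."""
    config = (
        "global:\n  scrape_interval: 30s\n"
        "scrape_configs:\n"
        "- job_name: yc/alertmanager/0\n  honor_labels: false\n"
        "- job_name: yc/prometheus-operator/0\n  honor_labels: true\n"
    )
    blob = base64.b64encode(gzip.compress(config.encode())).decode()
    return json.dumps({"kind": "Secret", "data": {"prometheus.yaml.gz": blob}})


if __name__ == "__main__":
    import sys
    # Pipe the kubectl JSON output in, or run without input to use the constructed sample.
    raw = sys.stdin.read() if not sys.stdin.isatty() else constructed_secret()
    for ns, name in sorted(monitors(scrape_jobs(raw))):
        print(f"{ns}/{name}")
```

With the k8s-app: yc selector in place, the prometheus ServiceMonitor (labelled k8s-app: prometheus) should be absent from the output.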

