1. 监控 etcd 集群
1.1 查看接口信息
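# Query the etcd metrics endpoint over HTTPS, authenticating with a client
# certificate and key.
# NOTE(review): -k (--insecure) turns off verification of the etcd server
# certificate, so this request does not prove that the peer is really etcd.
# To verify the server, drop -k, pass the etcd CA with
# --cacert <path-to-etcd-ca.pem>, and use an address that is listed in the
# certificate's SANs.
curl --cert /etc/etcd/ssl/etcd.pem --key /etc/etcd/ssl/etcd-key.pem https://10.0.0.11:2379/metrics -k

# Plain-HTTP variant; presumably only answers when etcd also listens without
# TLS on localhost - confirm against the etcd listen configuration.
curl -L http://localhost:2379/metrics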
1.2 创建 Service 和 Endpoints
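# Service without a selector: Kubernetes does not manage its endpoints, so the
# Endpoints object below (same name and namespace) supplies the backends.
apiVersion: v1
kind: Service
metadata:
  labels:
    app: etcd-k8s
  name: etcd-k8s
  namespace: kube-system
spec:
  ports:
  - name: etcd-port
    port: 2379
    protocol: TCP
    targetPort: 2379
  type: ClusterIP
---
# Manually maintained Endpoints pointing at the etcd hosts.
# NOTE(review): 2379 is the etcd client port, so this Service gives every pod
# that can reach the ClusterIP a path to the etcd API; access then depends
# entirely on etcd's client-certificate checks (and any NetworkPolicy).
apiVersion: v1
kind: Endpoints
metadata:
  labels:
    app: etcd-k8s
  name: etcd-k8s
  namespace: kube-system
subsets:
- addresses:  # host IPs of the etcd nodes; list one entry per node
  - ip: 10.0.0.11
  - ip: 10.0.0.12
  - ip: 10.0.0.21
  ports:
  - name: etcd-port
    port: 2379
    protocol: TCP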
1.3 测试是否代理成功
# 查看 svc 和 ep[root@k8s-master01 ~]# kubectl get svc,ep -n kube-system etcd-k8sNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEservice/etcd-k8s ClusterIP 10.97.194.106 <none> 2379/TCP 46sNAME ENDPOINTS AGEendpoints/etcd-k8s 10.0.0.11:2379,10.0.0.12:2379,10.0.0.21:2379 46s# 再次请求,将IP换成svc的IP测试[root@k8s-master01 ~]# curl --cert /etc/etcd/ssl/etcd.pem --key /etc/etcd/ssl/etcd-key.pem https://10.97.194.106:2379/metrics -k
1.4 创建 secret
# 创建etcd-ssl secret,注意证书路径kubectl create secret generic etcd-ssl --from-file=/etc/kubernetes/pki/etcd/etcd-ca.pem --from-file=/etc/kubernetes/pki/etcd/etcd.pem --from-file=/etc/kubernetes/pki/etcd/etcd-key.pem -n monitoring# 查看 secret[root@k8s-master01 ~]# kubectl describe secrets -n monitoring etcd-sslName: etcd-sslNamespace: monitoringLabels: <none>Annotations: <none>Type: OpaqueData====etcd-ca.pem: 1330 bytesetcd-server-key.pem: 1679 bytesetcd-server.pem: 1460 bytes
1.5 编辑 prometheus 挂载证书
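# Edit the Prometheus custom resource
[root@k8s-master01 ~]# kubectl edit prometheus k8s -n monitoring
...
spec:
  secrets:
  - etcd-ssl # name of the secret
...
# Exec into the container and check that the certificates are mounted
# NOTE(review): the files appear under /etc/prometheus/secrets/etcd-ssl/, so
# the etcd client key is readable by anything running in, or able to exec
# into, the prometheus container.
[root@k8s-master01 ~]# kubectl exec -it -n monitoring prometheus-k8s-0 -c prometheus -- ls /etc/prometheus/secrets/etcd-ssl/
etcd-ca.pem etcd-server-key.pem etcd-server.pem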
1.6 创建ServiceMonitor
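# ServiceMonitor that makes Prometheus scrape etcd through the etcd-k8s Service.
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: etcd-k8s
  namespace: monitoring
  labels:
    app: etcd-k8s
spec:
  jobLabel: app
  endpoints:
  - interval: 30s
    port: etcd-port  # must equal Service.spec.ports.name
    scheme: https
    tlsConfig:
      # Paths inside the Prometheus pod. The file names must match the keys of
      # the etcd-ssl secret; the sample listing in section 1.5 shows
      # etcd-server.pem / etcd-server-key.pem, so check which names you have.
      caFile: /etc/prometheus/secrets/etcd-ssl/etcd-ca.pem
      certFile: /etc/prometheus/secrets/etcd-ssl/etcd.pem
      keyFile: /etc/prometheus/secrets/etcd-ssl/etcd-key.pem
      # Disables verification of the server certificate; used here because the
      # serverName may not match the certificate issued for etcd.
      # NOTE(review): with this set to true, caFile no longer authenticates
      # the server, and the client certificate is presented to whatever
      # answers on the endpoint IPs. The verifying setup is to set
      # `serverName` to a name in the etcd certificate's SANs (or issue the
      # certificate with the endpoint IPs as SANs) and set this to false.
      insecureSkipVerify: true
  selector:
    matchLabels:
      app: etcd-k8s  # must match the labels of the Service
  namespaceSelector:
    matchNames:
    - kube-system  # must match the namespace of the Service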
查看ServiceMonitor:
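# List the ServiceMonitor to confirm that it was created
[root@k8s-master01 ~]# kubectl get servicemonitors etcd-k8s -n monitoring
NAME AGE
etcd-k8s 6m32s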
1.7 查看 Prometheus 页面
打开Prometheus Web端,按下面的路径Status -> targets -> monitoring/etcd-k8s寻找etcd监控信息。(获取**metrics**需要一定时间,需要稍等一会)
1.8 Grafana 监控模板导入
打开仪表盘市场,找到etcd对应模板并导入。常用的模板有Etcd by Prometheus和Etcd-for-k8s-cn中文。然后打开Grafana Web页面,点击 **+** -> import -> load即可。
