|NO.Z.00322|——————————|CloudNative|——|KuberNetes & Operations.V40|——|White-box monitoring.v02|etcd.v02|
1. Monitoring applications that expose a metrics endpoint: etcd as the example
### --- Monitor etcd
~~~ Check the etcd port: 2379
[root@k8s-master01 etcd]# netstat -lntp | grep etcd
tcp 0 0 192.168.1.11:2379 0.0.0.0:* LISTEN 1348/etcd
tcp 0 0 127.0.0.1:2379 0.0.0.0:* LISTEN 1348/etcd
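### --- curl the etcd IP on port 2379: check whether metrics data is returned
~~~ Note: --cert specifies the client certificate and --key its private key; -k skips verification of the server certificate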
[root@k8s-master01 etcd]# curl --cert /etc/etcd/ssl/etcd.pem --key /etc/etcd/ssl/etcd-key.pem https://192.168.1.11:2379/metrics -k | more
### --- Option 2:
~~~ Note: etcd has no Service yet, so one has to be created
[root@k8s-master01 etcd]# curl -L http://localhost:2379/metrics | more
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
# HELP etcd_cluster_version Which version is running. 1 for 'cluster_version' label with current cluster version
# TYPE etcd_cluster_version gauge
etcd_cluster_version{cluster_version="3.4"} 1
# HELP etcd_debugging_auth_revision The current revision of auth store.
# TYPE etcd_debugging_auth_revision gauge
etcd_debugging_auth_revision 1
# HELP etcd_debugging_disk_backend_commit_rebalance_duration_seconds The latency distributions of commit.rebalance called by bboltdb backend.
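2. Create the Service and Endpoints
### --- Create an ep and svc that proxy the external etcd service; the same approach works for any other service that ships its own metrics endpoint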
[root@k8s-master01 etcd]# vim etcd-serviceMonitor.yaml
apiVersion: v1
kind: Endpoints
metadata:
  labels:
    app: etcd-monitor
  name: etcd-monitor
  namespace: kube-system
subsets:
- addresses:     # host IPs of the etcd nodes; list one entry per node
  - ip: 192.168.1.11
  - ip: 192.168.1.14
  - ip: 192.168.1.15
  ports:
  - name: etcd
    port: 2379   # etcd port
    protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: etcd-monitor
  name: etcd-monitor   # must equal the Endpoints name
  namespace: kube-system
spec:
  ports:
  - name: etcd
    port: 2379
    protocol: TCP
    targetPort: 2379
  type: ClusterIP
### --- Create the etcd svc and ep
[root@k8s-master01 etcd]# kubectl create -f etcd-serviceMonitor.yaml
endpoints/etcd-monitor created
service/etcd-monitor created
### --- View the created etcd svc and ep
[root@k8s-master01 etcd]# kubectl get svc,ep -n kube-system -l app=etcd-monitor
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/etcd-monitor ClusterIP 10.100.203.114 <none> 2379/TCP 104s
NAME ENDPOINTS AGE
endpoints/etcd-monitor 192.168.1.11:2379,192.168.1.14:2379,192.168.1.15:2379 104s
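3. Test whether the proxy works
### --- Replace the etcd host IP with the Service address; if the output is the same, the Service was created successfully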
[root@k8s-master01 etcd]# kubectl get svc,ep -n kube-system -l app=etcd-monitor
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/etcd-monitor ClusterIP 10.100.203.114 <none> 2379/TCP 2m47s
NAME ENDPOINTS AGE
endpoints/etcd-monitor 192.168.1.11:2379,192.168.1.14:2379,192.168.1.15:2379 2m47s
### --- Request the endpoint
[root@k8s-master01 etcd]# curl --cert /etc/etcd/ssl/etcd.pem --key /etc/etcd/ssl/etcd-key.pem https://10.100.203.114:2379/metrics -k | more
4. Update the Prometheus version: mount the secrets
### --- Create the secret
[root@k8s-master01 prometheus]# kubectl -n monitoring create secret generic etcd-certs --from-file=/etc/etcd/ssl/etcd.pem --from-file=/etc/etcd/ssl/etcd-key.pem --from-file=/etc/etcd/ssl/etcd-ca.pem
secret/etcd-certs created
### --- Check that it was created
[root@k8s-master01 etcd]# kubectl describe secrets -n monitoring etcd-certs
Name: etcd-certs
Namespace: monitoring
Labels: <none>
Annotations: <none>
Type: Opaque
Data
====
etcd-ca.pem: 1367 bytes
etcd-key.pem: 1675 bytes
etcd.pem: 1501 bytes
### --- Update the Prometheus version
[root@k8s-master01 prometheus]# vim prometheus-prometheus.yaml
apiVersion: monitoring.coreos.com/v1
kind: Prometheus
metadata:
  labels:
    prometheus: k8s
  name: k8s
  namespace: monitoring
spec:
  alerting:
    alertmanagers:
    - name: alertmanager-main
      namespace: monitoring
      port: web
  image: quay.io/prometheus/prometheus:v2.15.2
  nodeSelector:
    kubernetes.io/os: linux
  podMonitorNamespaceSelector: {}
  podMonitorSelector: {}
  replicas: 1
  resources:
    requests:
      memory: 400Mi
  ruleSelector:
    matchLabels:
      prometheus: k8s
      role: alert-rules
  securityContext:
    fsGroup: 2000
    runAsNonRoot: true
    runAsUser: 1000
  serviceAccountName: prometheus-k8s
  serviceMonitorNamespaceSelector: {}
  serviceMonitorSelector: {}
  version: v2.15.2
  secrets:
  - etcd-certs
### --- Note: one secret is mounted
~~~ Note 1: mount the secrets
  secrets:
  - etcd-certs
#replace-Prometheus
### --- Enter the Prometheus container and check that the mount succeeded
[root@k8s-master01 prometheus]# kubectl get po -n monitoring -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
prometheus-k8s-0 3/3 Running 1 19m 172.27.14.224 k8s-node02 <none> <none>
~~~ # The secret is mounted under this directory
[root@k8s-master01 prometheus]# kubectl exec -ti prometheus-k8s-0 -n monitoring -- sh
/prometheus $ ls -l /etc/prometheus/secrets/etcd-certs/
total 0
lrwxrwxrwx 1 root root 18 May 26 13:24 etcd-ca.pem -> ..data/etcd-ca.pem
lrwxrwxrwx 1 root root 19 May 26 13:24 etcd-key.pem -> ..data/etcd-key.pem
lrwxrwxrwx 1 root root 15 May 26 13:24 etcd.pem -> ..data/etcd.pem
5. Create the ServiceMonitor
### --- Edit the servicemonitor.yaml file
[root@k8s-master01 etcd]# vim etcd-servicemonitor.yaml
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  labels:
    k8s-app: etcd
  name: etcd
  namespace: monitoring
spec:
  endpoints:
  - interval: 30s
    port: etcd          # port name defined in the Service
    scheme: https
    tlsConfig:          # files come from the mounted etcd-certs secret
      caFile: /etc/prometheus/secrets/etcd-certs/etcd-ca.pem
      certFile: /etc/prometheus/secrets/etcd-certs/etcd.pem
      keyFile: /etc/prometheus/secrets/etcd-certs/etcd-key.pem
      insecureSkipVerify: true   # the etcd server certificate is not verified, so caFile is not used to validate it
  selector:
    matchLabels:
      app: etcd-monitor
  namespaceSelector:
    matchNames:
    - kube-system
### --- Create the ServiceMonitor
[root@k8s-master01 etcd]# kubectl create -f etcd-servicemonitor.yaml
servicemonitor.monitoring.coreos.com/etcd created
### --- View the created ServiceMonitor
[root@k8s-master01 etcd]# kubectl get servicemonitor -n monitoring
NAME AGE
etcd 94s
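The ServiceMonitor above sets `insecureSkipVerify: true`, so Prometheus accepts any server certificate on the etcd port (the scrape-side counterpart of `curl -k`). The check below is an added example, not code from the original page; `find_skip_verify`, `sample_manifests` and the `etcd-verified` ServiceMonitor are hypothetical names, and the scan assumes manifests indented like the ones on this page.

```shell
# Added example, not from the original page: list ServiceMonitor endpoints that
# turn off TLS server verification. Line-based scan, not a YAML parser: assumes
# 2-space indented manifests like the ones above, documents separated by ---.
# Reads manifest files given as arguments, or stdin when none are given.
# Prints "<ServiceMonitor name> <endpoint port>" for each offending endpoint.
find_skip_verify() {
  awk '
    function emit() {
      if (skip && kind == "ServiceMonitor") print name, (port == "" ? "-" : port)
      skip = 0; port = ""
    }
    /^---/     { emit(); kind = ""; name = ""; next }  # next YAML document
    /^kind:/   { kind = $2 }
    /^  name:/ { name = $2 }                            # metadata.name
    /^  - /    { emit() }                               # next spec.endpoints item
    { line = $0; sub(/^ *(- )?/, "", line) }            # drop indent and list dash
    line ~ /^port:/ { sub(/^port: */, "", line); port = line }
    line ~ /^insecureSkipVerify: *true/ { skip = 1 }
    END { emit() }
  ' "$@"
}

# Constructed sample: the endpoint from this page, plus a hypothetical
# ServiceMonitor (etcd-verified) that leaves verification on.
sample_manifests() {
  cat <<'EOF'
kind: ServiceMonitor
metadata:
  name: etcd
spec:
  endpoints:
  - interval: 30s
    port: etcd
    tlsConfig:
      caFile: /etc/prometheus/secrets/etcd-certs/etcd-ca.pem
      insecureSkipVerify: true
---
kind: ServiceMonitor
metadata:
  name: etcd-verified
spec:
  endpoints:
  - port: etcd
    tlsConfig:
      insecureSkipVerify: false
EOF
}

sample_manifests | find_skip_verify
```

To run it on a saved manifest, pass the file as an argument: `find_skip_verify etcd-servicemonitor.yaml`.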