普罗米修斯汽车发现K8s
[英]Prometheus auto discovery K8s
问题描述
Can someone guide the configuration for auto discover for K8s. 
有人可以指导K8的自动发现配置。 The Prometheus server is outside of the cluster. Prometheus服务器位于群集之外。 I tried Service Discovery With Kubernetes and someone mentioned in this discussion 我尝试了使用Kubernetes的服务发现和本讨论中提到的人
I'm not yet a K8s expert enough to explain all the details here, but fundamentally it's perfectly possible to run Prometheus outside of the cluster (and required for things like redundant cross-cluster meta-monitoring).
in_clusterconfig option in http://prometheus.io/docs/operating/configuration/#kubernetes-sd-configurations-kubernetes_sd_config .in_cluster配置选项。 You need to jump through certificate hoops if you run it outside.
So, I made a simple configuration 所以,我做了一个简单的配置
- job_name: 'kubernetes'
kubernetes_sd_configs:
-
# The API server addresses. In a cluster this will normally be
# `https://kubernetes.default.svc`. Supports multiple HA API servers.
api_servers:
- https://xxx.xx.xx.xx
# Run in cluster. This will use the automounted CA certificate and bearer
# token file at /var/run/secrets/kubernetes.io/serviceaccount/ in the pod.
in_cluster: false
# Optional HTTP basic authentication information.
basic_auth:
username: prometheus
password: secret
# Retry interval between watches if they disconnect.
retry_interval: 5s
Getting unknown fields in kubernetes_sd_config: api_servers, in_cluster, retry_interval" or some other indentation errors unknown fields in kubernetes_sd_config: api_servers, in_cluster, retry_interval"获取unknown fields in kubernetes_sd_config: api_servers, in_cluster, retry_interval"或其他一些缩进错误
In sample configuration , they mentioned ca_file: . 在示例配置中 ,他们提到了ca_file: . How to get that certificate file from K8s or is there any way to specify K8s config file(~/.kube/config) 如何从K8s获取该证书文件或有没有办法指定K8s config文件(〜/ .kube / config)
3 个解决方案
解决方案1
4 已采纳 2017-12-09 19:04:04
By digging though the source code I figured out, that Prometheus always uses the in cluster config, if no api_server is provided in the config ( discovery/kubernetes/kubernetes.go#L90-L96 ). 通过挖掘我发现的源代码,如果配置中没有提供api_server ,那么Prometheus总是使用in cluster config( discovery/kubernetes/kubernetes.go#L90-L96 )。
Somehow the docs don't say anything about the Kubernetes configuration parameters, but the source code does ( config/config.go#L1026-L1037 ). 不知何故, 文档没有说Kubernetes配置参数,但源代码确实如此( config/config.go#L1026-L1037 )。 Therefore there is not list named api_servers , but a single parameter named api_server . 因此,有没有命名列表api_servers ,但单一的参数命名api_server 。
So your config should look like this (untested): 所以你的配置应该是这样的(未经测试):
- job_name: 'kubernetes'
kubernetes_sd_configs:
-
# The API server addresses. In a cluster this will normally be
# `https://kubernetes.default.svc`. Supports multiple HA API servers.
api_server: https://xxx.xx.xx.xx
# Optional HTTP basic authentication information.
basic_auth:
username: prometheus
password: secret
# specify the CA
tls_config:
ca_file: /path/to/ca.crt
## If the actual CA file isn't available you need to disable verification:
# insecure_skip_verify: true
I don't know where the retry_interval parameter comes from, but AFAIK this isn't a Kubernetes config parameter and it's also not part of the Prometheus config. 我不知道retry_interval参数来自哪里,但AFAIK这不是Kubernetes配置参数,它也不是Prometheus配置的一部分。
解决方案2
1 2017-12-11 14:26:38
解决方案3
0 2018-02-10 07:06:07
How to retrieve that file depends on your cluster setup
How to get that certificate file from K8s
By default, kubernetes stores the client CA certificate file at /etc/kubernetes/pki/ca.crt and also at /var/run/secrets/kubernetes.io/serviceaccount/ca.crt in a ConfigMap used by kubeconfig . 默认情况下,kubernetes将客户端CA证书文件存储在/etc/kubernetes/pki/ca.crt以及/var/run/secrets/kubernetes.io/serviceaccount/ca.crt中的kubeconfig使用的kubeconfig 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.