[英]Prometheus auto discovery K8s
Can someone guide the configuration for auto discover for K8s. 有人可以指导K8的自动发现配置。 The Prometheus server is outside of the cluster.
Prometheus服务器位于群集之外。 I tried Service Discovery With Kubernetes and someone mentioned in this discussion
我尝试了使用Kubernetes的服务发现和本讨论中提到的人
I'm not yet a K8s expert enough to explain all the details here, but fundamentally it's perfectly possible to run Prometheus outside of the cluster (and required for things like redundant cross-cluster meta-monitoring).
我还不是K8s的专家,足以解释这里的所有细节,但从根本上说,完全可以在集群之外运行Prometheus(并且需要冗余的跨集群元监控等)。 Cf.
参看 the
in_cluster
config option in http://prometheus.io/docs/operating/configuration/#kubernetes-sd-configurations-kubernetes_sd_config .http://prometheus.io/docs/operating/configuration/#kubernetes-sd-configurations-kubernetes_sd_config中的
in_cluster
配置选项。 You need to jump through certificate hoops if you run it outside.如果你在外面运行它,你需要跳过证书箍。
So, I made a simple configuration 所以,我做了一个简单的配置
- job_name: 'kubernetes'
kubernetes_sd_configs:
-
# The API server addresses. In a cluster this will normally be
# `https://kubernetes.default.svc`. Supports multiple HA API servers.
api_servers:
- https://xxx.xx.xx.xx
# Run in cluster. This will use the automounted CA certificate and bearer
# token file at /var/run/secrets/kubernetes.io/serviceaccount/ in the pod.
in_cluster: false
# Optional HTTP basic authentication information.
basic_auth:
username: prometheus
password: secret
# Retry interval between watches if they disconnect.
retry_interval: 5s
Getting unknown fields in kubernetes_sd_config: api_servers, in_cluster, retry_interval"
or some other indentation errors unknown fields in kubernetes_sd_config: api_servers, in_cluster, retry_interval"
获取unknown fields in kubernetes_sd_config: api_servers, in_cluster, retry_interval"
或其他一些缩进错误
In sample configuration , they mentioned ca_file:
. 在示例配置中 ,他们提到了
ca_file:
. How to get that certificate file from K8s or is there any way to specify K8s config
file(~/.kube/config) 如何从K8s获取该证书文件或有没有办法指定K8s
config
文件(〜/ .kube / config)
By digging though the source code I figured out, that Prometheus always uses the in cluster config, if no api_server
is provided in the config ( discovery/kubernetes/kubernetes.go#L90-L96
). 通过挖掘我发现的源代码,如果配置中没有提供
api_server
,那么Prometheus总是使用in cluster config( discovery/kubernetes/kubernetes.go#L90-L96
)。
Somehow the docs don't say anything about the Kubernetes configuration parameters, but the source code does ( config/config.go#L1026-L1037
). 不知何故, 文档没有说Kubernetes配置参数,但源代码确实如此(
config/config.go#L1026-L1037
)。 Therefore there is not list named api_servers
, but a single parameter named api_server
. 因此,有没有命名列表
api_servers
,但单一的参数命名api_server
。
So your config should look like this (untested): 所以你的配置应该是这样的(未经测试):
- job_name: 'kubernetes'
kubernetes_sd_configs:
-
# The API server addresses. In a cluster this will normally be
# `https://kubernetes.default.svc`. Supports multiple HA API servers.
api_server: https://xxx.xx.xx.xx
# Optional HTTP basic authentication information.
basic_auth:
username: prometheus
password: secret
# specify the CA
tls_config:
ca_file: /path/to/ca.crt
## If the actual CA file isn't available you need to disable verification:
# insecure_skip_verify: true
I don't know where the retry_interval
parameter comes from, but AFAIK this isn't a Kubernetes config parameter and it's also not part of the Prometheus config. 我不知道
retry_interval
参数来自哪里,但AFAIK这不是Kubernetes配置参数,它也不是Prometheus配置的一部分。
How to retrieve that file depends on your cluster setup
如何检索该文件取决于您的群集设置
How to get that certificate file from K8s
如何从K8s获取该证书文件
By default, kubernetes stores the client CA certificate file at /etc/kubernetes/pki/ca.crt
and also at /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
in a ConfigMap used by kubeconfig
. 默认情况下,kubernetes将客户端CA证书文件存储在
/etc/kubernetes/pki/ca.crt
以及/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
中的kubeconfig
使用的kubeconfig
。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.