[英]How to access the prometheus & grafana via Istion ingress gateway? I have installed the promethius anfd grafana through Helm
我使用以下命令来调出 pod:
kubectl create deployment grafana --image=docker.io/grafana/grafana:5.4.3 -n monitoring
然后我使用以下命令创建 custerIp:
kubectl expose deployment grafana --type=ClusterIP --port=80 --target-port=3000 --protocol=TCP -n monitoring
然后我使用了以下虚拟服务:
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: grafana
spec:
hosts:
- "*"
gateways:
- cogtiler-gateway.skydeck
http:
- match:
- uri:
prefix: /grafana
route:
- destination:
port:
number: 3000
host: grafana
kubectl apply -f grafana-virtualservice.yaml -n monitoring
Output:
virtualservice.networking.istio.io/grafana created
现在,当我尝试访问它时,我从 grafana 收到以下错误:
**If you're seeing this Grafana has failed to load its application files
1. This could be caused by your reverse proxy settings.
2. If you host grafana under subpath make sure your grafana.ini root_path setting includes subpath
3. If you have a local dev build make sure you build frontend using: npm run dev, npm run watch, or npm run build
4. Sometimes restarting grafana-server can help **
您需要创建一个Gateway以允许在istio-ingressgateway和您的VirtualService之间进行路由。
类似的东西:
kind: Gateway
metadata:
name: ingress
namespace: istio-system
spec:
selector:
# Make sure that the istio-ingressgateway pods have this label
istio: ingressgateway
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- my.domain.com
您还需要一个指向您的 istio-ingressgateway 的 IP 地址的域 (my-domain.com) 的 DNS 条目。
当您的浏览器点击my.domain.com时,它将被重定向到istio-ingressgateway 。 istio-ingressgateway将检查请求中的Host字段,并将请求重定向到 grafana(根据 VirtualService 规则)。
您可以检查kubectl get svc -n istio-system | grep istio-ingressgateway kubectl get svc -n istio-system | grep istio-ingressgateway获取入口网关的公共 IP。
如果要启用 TLS,则需要为您的域提供 TLS 证书(使用 cert-manager 最简单)。 然后您可以在网关中使用 https 重定向,如下所示:
kind: Gateway
metadata:
name: ingress
namespace: whatever
spec:
selector:
# Make sure that the istio-ingressgateway pods have this label
istio: ingressgateway
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- my.domain.com
tls:
httpsRedirect: true
- port:
number: 443
name: https
protocol: HTTPS
hosts:
- my.domain.com
tls:
mode: SIMPLE
# name of the secret containing the TLS certificate + keys. The secret must exist in the same namespace as the istio-ingressgateway (probably istio-system namespace)
# This secret can be created by cert-manager
# Or you can create a self-signed certificate
# and add it to manually inside the browser trusted certificates
credentialName: my-domain-tls
然后你 VirtualService
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: grafana
spec:
hosts:
- "my.domain.com"
gateways:
- ingress
http:
- match:
- uri:
prefix: /grafana
route:
- destination:
port:
number: 3000
host: grafana
最简单且开箱即用的配置解决方案是使用 grafana host和/前缀。
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: grafana-gateway
namespace: monitoring
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 80
name: http-grafana
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: grafana-vs
namespace: monitoring
spec:
hosts:
- "grafana.example.com"
gateways:
- grafana-gateway
http:
- match:
- uri:
prefix: /
route:
- destination:
host: grafana
port:
number: 80
正如您在评论中提到的, I want to use path based routing something like my.com/grafana ,这也是可以配置的。 您可以使用istio rewrite来配置它。
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: grafana-gateway
namespace: monitoring
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 80
name: http-grafana
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: grafana-vs
namespace: monitoring
spec:
hosts:
- "*"
gateways:
- grafana-gateway
http:
- match:
- uri:
prefix: /grafana
rewrite:
uri: /
route:
- destination:
host: grafana
port:
number: 80
但是,根据这个github 问题,您还需要为此额外配置 grafana。 没有正确的 grafana 配置将无法正常工作。
我找到了一种在 grafana 部署中使用以下环境变量GF_SERVER_ROOT_URL配置具有不同 url 的 grafana 的方法。
apiVersion: apps/v1
kind: Deployment
metadata:
creationTimestamp: null
labels:
app: grafana
name: grafana
spec:
replicas: 1
selector:
matchLabels:
app: grafana
strategy: {}
template:
metadata:
creationTimestamp: null
labels:
app: grafana
spec:
containers:
- image: docker.io/grafana/grafana:5.4.3
name: grafana
env:
- name: GF_SERVER_ROOT_URL
value: "%(protocol)s://%(domain)s/grafana/"
resources: {}
该部署还有一个虚拟服务和网关。
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: grafana-gateway
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 80
name: http-grafana
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: grafana-vs
spec:
hosts:
- "*"
gateways:
- grafana-gateway
http:
- match:
- uri:
prefix: /grafana/
rewrite:
uri: /
route:
- destination:
host: grafana
port:
number: 80
如何访问在 Azure 中运行的托管 k8s 上的 ingress-nginx 命名空间中安装的 Prometheus 和 Grafana?
[英]How to access Prometheus and Grafana installed in the ingress-nginx namespace on managed k8s running in Azure?
在Kubernetes上无法通过AWS ELB访问Grafana(对于Prometheus)
[英]Can't access Grafana(for prometheus) via AWS ELB at Kubernetes
无法通过 kubernetes 的 kong ingress 控制器访问 grafana
[英]Can't access grafana through kong ingress controller for kubernetes
如何使用 helm bitnami/mongodb 和 kube-prometheus-stack 设置 mongodb grafana 仪表板
[英]How to setup a mongodb grafana dashboard using helm bitnami/mongodb and kube-prometheus-stack
无法登录到在 Kubernetes 上安装了 helm 的本地 Grafana
[英]Unable to login to local Grafana installed with helm on Kubernetes
Kubernetes ingress nginx grafana 仪表板 prometheus 数据为空
[英]Kubernetes ingress nginx grafana dashboard prometheus data was empty
使用Helm时如何自动将Grafana(使用PostgreSQL而不是SQLite 3)连接到Prometheus
[英]How to automatically connect Grafana (with PostgreSQL instead of SQLite 3) to Prometheus when using Helm
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.