使用kuboard管理K8S集群后,通过在Kuboard上配置监控套件来完成对集群进行监控。
0.1 软件版本
Kubernetes 1.23.5
Kuboard3.5.0.1
资源层监控套件system-monitor.addons.kuboard.cn v3.1.7
0.2 存储摘要
使用NFS作为数据prometheus时序数据存储,需要创建Kuboard依赖的StorageClass、PV、PVC,简要信息
类 别 | 名 称 | 路 径 |
StorageClass | kuboard-kube-prometheus | N/A |
PV | kuboard-kube-prometheus0 | /kuboard_pv/prometheus-k8s-db-prometheus-k8s-0 |
kuboard-kube-prometheus1 | /kuboard_pv/prometheus-k8s-db-prometheus-k8s-1 | |
PVC | prometheus-k8s-db-prometheus-k8s-0 | N/A |
prometheus-k8s-db-prometheus-k8s-1 | N/A |
1) 创建kuboard依赖的StorageClass、PV、PVC
后面会用到此处创建的StorageClass。
StorageClass、PV可以指定名称,两个PVC名称必须是prometheus-k8s-db-prometheus-k8s-0、prometheus-k8s-db-prometheus-k8s-1。
vim kuboard-kube-prometheusV3.yaml #编辑配置文件,内容如下apiVersion: storage.k8s.io/v1kind: StorageClassmetadata:name: kuboard-kube-prometheus #StorageClass名称,后续用到provisioner: kubernetes.io/no-provisionerreclaimPolicy: RetainvolumeBindingMode: Immediate---apiVersion: v1kind: PersistentVolumemetadata:name: kuboard-kube-prometheus0spec:accessModes:- ReadWriteManycapacity:storage: 40Ginfs:path: /kuboard_pv/prometheus-k8s-db-prometheus-k8s-0 #视现场环境而定,需要提前在nfs-server上创建该目录server: 192.18.80.159 #NFS Server地址persistentVolumeReclaimPolicy: RetainstorageClassName: kuboard-kube-prometheusvolumeMode: Filesystem---apiVersion: v1kind: PersistentVolumemetadata:name: kuboard-kube-prometheus1spec:accessModes:- ReadWriteManycapacity:storage: 40Ginfs:path: /kuboard_pv/prometheus-k8s-db-prometheus-k8s-1 #视现场环境而定,需要提前在nfs-server上创建该目录server: 192.18.80.159 #NFS Server地址persistentVolumeReclaimPolicy: RetainstorageClassName: kuboard-kube-prometheusvolumeMode: Filesystem---apiVersion: v1kind: PersistentVolumeClaimmetadata:labels:name: prometheus-k8s-db-prometheus-k8s-0name: prometheus-k8s-db-prometheus-k8s-0namespace: kuboardspec:accessModes: #访客模式- ReadWriteManyresources: #请求空间requests:storage: 40GistorageClassName: kuboard-kube-prometheus---apiVersion: v1kind: PersistentVolumeClaimmetadata:labels:name: prometheus-k8s-db-prometheus-k8s-1name: prometheus-k8s-db-prometheus-k8s-1namespace: kuboardspec:accessModes: # 访客模式- ReadWriteManyresources: # 请求空间requests:storage: 40GistorageClassName: kuboard-kube-prometheus
上面共5段,分别为1个StorageClass、2个PV、2个PVC。
2) 准备目录
创建目录:
mkdir -p kuboard_pv/prometheus-k8s-db-prometheus-k8s-0mkdir -p kuboard_pv/prometheus-k8s-db-prometheus-k8s-1
修改权限:
chmod –R 777 kuboard_pv/prometheus-k8s-db-prometheus-k8s-0chmod –R 777 kuboard_pv/prometheus-k8s-db-prometheus-k8s-1
如果目录属主为root(较不安全),确保目录权限为777。否则后续创建的pod会失败,提示msg="Error opening query log file" file=/prometheus/queries.active err="open prometheus/queries.active: permission denied" panic: Unable to create mmap-ed active query log。默认nfs目录属主为nobody。
查看权限为777:
[root@rh-master01 ~]# ll kuboard_pv/total 8drwxrwxrwx 3 root root 4096 May 26 18:20 prometheus-k8s-db-prometheus-k8s-0drwxrwxrwx 3 root root 4096 May 26 18:20 prometheus-k8s-db-prometheus-k8s-1
3) 创建StorageClass、PV、PVC
[root@rh-master01 kuboard]# kubectl apply -f kuboard-kube-prometheusV3.yamlstorageclass.storage.k8s.io/kuboard-kube-prometheus createdpersistentvolume/kuboard-kube-prometheus0 createdpersistentvolume/kuboard-kube-prometheus1 createdpersistentvolumeclaim/prometheus-k8s-db-prometheus-k8s-0 createdpersistentvolumeclaim/prometheus-k8s-db-prometheus-k8s-1 created
4) 查看已创建存储资源
查看StorageClass:
[root@rh-master01 ~]# kubectl get sc | grep prometheusdev-em-dtbase-test-prometheus kubernetes.io/no-provisioner Delete Immediate false 12dkuboard-kube-prometheus kubernetes.io/no-provisioner Retain Immediate false 68m
查看PV:
[root@rh-master01 ~]# kubectl get pv | grep prometheuskuboard-kube-prometheus0 40Gi RWX Retain Bound kuboard/prometheus-k8s-db-prometheus-k8s-0 kuboard-kube-prometheus 69mkuboard-kube-prometheus1 40Gi RWX Retain Bound kuboard/prometheus-k8s-db-prometheus-k8s-1 kuboard-kube-prometheus 69mnfs-pv-kuboard-prometheus 40Gi RWX Retain Terminating kube-system/nfs-pvc-kuboard-prometheus nfs-storageclass-provisioner 45htest-em-dtbase-test-prometheus0 10Gi RWO Retain Bound em/prometheus-data-dtbase-prometheus-master-0 dev-em-dtbase-test-prometheus 12d
查看PVC,STATUS为Bound:
[root@rh-master01 ~]# kubectl get pvc -n kuboardNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGEprometheus-k8s-db-prometheus-k8s-0 Bound kuboard-kube-prometheus0 40Gi RWX kuboard-kube-prometheus 70mprometheus-k8s-db-prometheus-k8s-1 Bound kuboard-kube-prometheus1 40Gi RWX kuboard-kube-prometheus 70m
集群导入> 套件 > 套件仓库 > 查找套件
点击查看
点击“离线安装”,稍等片刻点击
集群导入 > 套件 > 从YAML创建
粘贴刚才复制的内容,点击确定
按提示,点击应用
点击确定
集群导入 > 套件 > 已安装套件 > 详情
此时状态为LOADED,根据向导,完成后面4个步骤的操作,此时先进行第一个步骤,套件参数配置。
套件参数页面,在PROMETHEUS_STORAGE_CLASS一栏填入之前创建的StorageClass:kuboard-kube-prometheus
下列检查项均正常,curl不能访问,可以忽略。也可调整,调整参考下方。
Curl访问方法:
curl -ik https://master节点的ip地址:10257curl -ik https://master节点的ip地址:10259
访问所有master的10257和10259端口,此处以master01为例,当前提示访问异常:
[root@rh-master01 kuboard]# curl -ik https://192.18.80.135:10257curl: (7) Failed connect to 192.18.80.135:10257; Connection refused[root@rh-master01 kuboard]# curl -ik https://192.18.80.135:10259curl: (7) Failed connect to 192.18.80.135:10259; Connection refused
#查看kube-controller-manager.yaml配置
grep bind-address=127.0.0.1 etc/kubernetes/manifests/kube-controller-manager.yaml
#修改配置,将bind-address=127.0.0.1更换为bind-address=0.0.0.0
sed -i 's/bind-address=127.0.0.1/bind-address=0.0.0.0/g' etc/kubernetes/manifests/kube-controller-manager.yamlvim etc/kubernetes/manifests/kube-controller-manager.yaml0.0.0.0
#查看kube-scheduler.yaml配置
grep bind-address=127.0.0.1 etc/kubernetes/manifests/kube-scheduler.yaml
#修改配置,将bind-address=127.0.0.1更换为bind-address=0.0.0.0
sed -i 's/bind-address=127.0.0.1/bind-address=0.0.0.0/g' etc/kubernetes/manifests/kube-scheduler.yamlvim etc/kubernetes/manifests/kube-scheduler.yaml
10527端口正常参考:
[root@rh-master01 ~]# curl -ik https://192.18.80.135:10257HTTP/1.1 403 ForbiddenCache-Control: no-cache, privateContent-Type: application/jsonX-Content-Type-Options: nosniffDate: Wed, 25 May 2022 00:53:09 GMTContent-Length: 217{"kind": "Status","apiVersion": "v1","metadata": {},"status": "Failure","message": "forbidden: User \"system:anonymous\" cannot get path \"/\"","reason": "Forbidden","details": {},"code": 403}
也可用浏览器打开:
准备无误后,勾选“确认已完成”,点击保存。
点击应用
点击确定,进入第②步。
4.1 预安装
点击预安装
后续点击N个“下一步”
点击确定
已通过校验,点击应用
点击确定
预检查完成,点击确定,进行安装。
4.2 安装
点击安装
点击N个“下一步”
下一步
下一步
下一步
点击确定,如果要调整副本数,可“重置副本数为1”。
点击应用
点击确定
已完成安装,点击确定,进入第③步。
等待数分钟后,kuboard的各Pod就绪,点击确定
此时kuboard套件的状态变为INSTALLED,点击“执行初始化”
点击确定,进入第④步
看到“当您看到此页面时,说明您已经激活了此套件...”提示,说明监控套件已安装完成。
集群导入 > 套件 > 资源层监控套件提示“已安装”
集群管理 > 资源层监控套件 > 可点击7个扩展套件进行查看
点击资源监控效果:
如果需要卸载,可以点击“删除套件”,也可以点击“禁用套件”,会临时禁用所有套件。
点击确定
点击卸载
然后按提示完成卸载。
当禁用套件后,在相同位置点击“启用套件”,即可再次启用所有监控套件。
后续将可进行告警相关配置,此处略过,未完待续。
https://kuboard.cn/learning/k8s-advanced/ts/application.html#debugging-podshttps://kuboard.cn/guide/addon/#%E6%A6%82%E8%BF%B0https://kuboard.cn/learning/k8s-advanced/observe/monitor.html#%E5%89%8D%E6%8F%90https://kuboard.cn/learning/k8s-advanced/observe/alert.html
-- 完 --
更多精彩,敬请期待
不足之处,还望抛转。
作者:王坤,微信公众号:rundba,欢迎转载,转载请注明出处。
如需公众号转发,请联系wx:landnow。
往期推荐
