云原生PrometheusGrafanaonK8s环境部署

　　一、概述
　　Prometheus最开始是由SoundCloud开发的开源监控告警系统，是GoogleBorgMon监控系统的开源版本。在2016年，Prometheus加入CNCF，成为继Kubernetes之后第二个被CNCF托管的项目。随着Kubernetes在容器编排领头羊地位的确立，Prometheus也成为Kubernetes容器监控的标配。
　　关于Prometheus的介绍可以参考我之前的文章：Prometheus原理详解
　　二、使用Helm安装Prometheus
　　地址：https：artifacthub。iopackageshelmprometheuscommunityprometheus1）配置源添加repohelmrepoaddprometheuscommunityhttps：prometheuscommunity。github。iohelmchartshelmrepoupdateprometheuscommunityhelmsearchrepoprometheuscommunityprometheus
　　2）下载prometheus包拉包helmpullprometheuscommunityprometheus解包tarxfprometheus15。12。2。tgz3）修改镜像grepA3image：prometheusvalues。yaml
　　search》pull》tag》push1、alertmanagerdockersearchalertmanagerdockerpullquay。ioprometheusalertmanagerdockertagquay。ioprometheusalertmanagermyharbor。commonitoringalertmanager：v0。24。0dockerpushmyharbor。commonitoringalertmanager：v0。24。02、configmapreloaddockersearchconfigmapreloaddockerpulljimmidysonconfigmapreload：v0。5。0dockertagjimmidysonconfigmapreload：v0。5。0myharbor。commonitoringconfigmapreload：v0。5。0dockerpushmyharbor。commonitoringconfigmapreload：v0。5。03、nodeexporterdockersearchnodeexporterdockerpullquay。ioprometheusnodeexporter：v1。3。1dockertagquay。ioprometheusnodeexporter：v1。3。1myharbor。commonitoringnodeexporter：v1。3。1dockerpushmyharbor。commonitoringnodeexporter：v1。3。14、prometheusdockersearchprometheusdockerpullquay。ioprometheusprometheus：v2。36。2dockertagquay。ioprometheusprometheus：v2。36。2myharbor。commonitoringprometheus：v2。36。2dockerpushmyharbor。commonitoringprometheus：v2。36。25、pushgatewaydockersearchpushgatewaydockerpullprompushgateway：v1。4。3dockertagprompushgateway：v1。4。3myharbor。commonitoringpushgateway：v1。4。3dockerpushmyharbor。commonitoringpushgateway：v1。4。36、kubestatemetricschartskubestatemetricsvalues。yamldockerpullbitnamikubestatemetricsdockertagbitnamikubestatemetrics：latestmyharbor。commonitoringkubestatemetrics：latestdockerpushmyharbor。commonitoringkubestatemetrics：latest
　　修改镜像values。yaml，chartskubestatemetricsvalues。yaml4）安装prometheusdryrundebughelminstallprometheus。nprometheuscreatenamespacesetserver。ingress。enabledtruesetserver。ingress。hosts｛prometheus。k8s。local｝setserver。ingress。paths｛｝setserver。ingress。pathTypePrefixsetalertmanager。ingress。enabledtruesetalertmanager。ingress。hosts｛alertmanager。k8s。local｝setalertmanager。ingress。paths｛｝setalertmanager。ingress。pathTypePrefixsetgrafana。ingress。enabledtruesetgrafana。ingress。hosts｛grafana。k8s。local｝setgrafana。ingress。paths｛｝setgrafana。ingress。pathTypePrefix
　　NOTESNAME：prometheusLASTDEPLOYED：SatSep1710：06：042022NAMESPACE：prometheusSTATUS：deployedREVISION：1TESTSUITE：NoneNOTES：ThePrometheusservercanbeaccessedviaport80onthefollowingDNSnamefromwithinyourcluster：prometheusserver。prometheus。svc。cluster。localGetthePrometheusserverURLbyrunningthesecommandsinthesameshell：exportPODNAME（kubectlgetpodsnamespaceprometheuslappprometheus，componentserverojsonpath｛。items〔0〕。metadata。name｝）kubectlnamespaceprometheusportforwardPODNAME9090ThePrometheusalertmanagercanbeaccessedviaport80onthefollowingDNSnamefromwithinyourcluster：prometheusalertmanager。prometheus。svc。cluster。localFromoutsidethecluster，thealertmanagerURL（s）are：http：alertmanager。k8s。localWARNING：PodSecurityPolicyhasbeenmovedtoaglobalproperty。use。Values。podSecurityPolicy。enabledwithpodbasedannotations（e。g。。Values。nodeExporter。podSecurityPolicy。annotations）ThePrometheusPushGatewaycanbeaccessedviaport9091onthefollowingDNSnamefromwithinyourcluster：prometheuspushgateway。prometheus。svc。cluster。localGetthePushGatewayURLbyrunningthesecommandsinthesameshell：exportPODNAME（kubectlgetpodsnamespaceprometheuslappprometheus，componentpushgatewayojsonpath｛。items〔0〕。metadata。name｝）kubectlnamespaceprometheusportforwardPODNAME9091FormoreinformationonrunningPrometheus，visit：https：prometheus。io
　　查看kubectlgetpods，svc，ingressnprometheus
　　5）访问web
　　prometheus：http：prometheus。k8s。local
　　alertmanager：http：alertmanager。k8s。local
　　6）配置https并更新1、生成证书（有证书可忽略）cdoptk8cdtls生成CA证书私钥opensslgenrsaoutca。key4096生成CA证书opensslreqx509newnodessha512days3650subjCCNSTGuangdongLShenzhenOk8s。localOUk8s。localCNk8s。localkeyca。keyoutca。crt创建域名证书，生成私钥opensslgenrsaoutk8s。local。key4096生成证书签名请求CSRopensslreqsha512newsubjCCNSTGuangdongLShenzhenOk8s。localOUk8s。localCNk8s。localkeyk8s。local。keyoutk8s。local。csr生成x509v3扩展catv3。extEOFauthorityKeyIdentifierkeyid，issuerbasicConstraintsCA：FALSEkeyUsagedigitalSignature，nonRepudiation，keyEncipherment，dataEnciphermentextendedKeyUsageserverAuthsubjectAltNamealtnames〔altnames〕DNS。1k8s。localDNS。2。k8s。localDNS。3k8s。localEOF创建k8s。local访问证书opensslx509reqsha512days3650extfilev3。extCAca。crtCAkeyca。keyCAcreateserialink8s。local。csroutk8s。local。crt
　　2、修改配置alertmanager：。。。ingress：。。。tls：secretName：prometheusalertstlshosts：alertmanager。k8s。local。。。server：。。。ingress：。。。tls：secretName：prometheusalertstlshosts：alertmanager。k8s。local。。。secrets：name：prometheusalertstlscert：tlsk8s。local。crtkey：tlsk8s。local。key
　　新增一个templatestlssecret。yaml文件｛｛range。Values。secrets｝｝apiVersion：v1kind：Secretmetadata：name：｛｛。name｝｝data：tls。crt：｛｛。Files。Get。certb64enc｝｝tls。key：｛｛。Files。Get。keyb64enc｝｝type：kubernetes。iotls｛｛end｝｝3、upgrade更新helmupgradeprometheus。nprometheus
　　查看kubectlgetpods，svc，ingressnprometheus
　　web访问：
　　https：prometheus。k8s。local
　　https：alertmanager。k8s。local7）卸载helmuninstallprometheusnprometheuskubectldeletepodnprometheuskubectlgetpodnprometheusawkNR1｛print1｝forcekubectlpatchnsprometheusp｛metadata：｛finalizers：null｝｝kubectldeletensprometheusforce三、使用Helm安装Grafana
　　地址：https：artifacthub。iopackageshelmgrafanagrafana1）配置源helmrepoaddgrafanahttps：grafana。github。iohelmchartshelmrepoupdategrafanahelmsearchrepografanagrafana2）下载grafana包helmpullgrafanagrafanatarxfgrafana6。38。3。tgz3）修改镜像grepA3image：grafanavalues。yaml
　　search》pull》tag》push1、grafanadockersearchgrafanadockerpullgrafanagrafanadockertaggrafanagrafana：latestmyharbor。commonitoringgrafana：9。1。5dockerpushmyharbor。commonitoringgrafana：9。1。52、batsdockersearchbatsdockerpullbatsbats：v1。4。1dockertagbatsbats：v1。4。1myharbor。commonitoringbats：v1。4。1dockerpushmyharbor。commonitoringbats：v1。4。13、busyboxdockersearchbusyboxdockerpullbusybox：1。31。1dockertagbusybox：1。31。1myharbor。commonitoringbusybox：1。31。1dockerpushmyharbor。commonitoringbusybox：1。31。14、k8ssidecardockersearchk8ssidecardockerpullquay。iokiwigridk8ssidecar：1。19。2dockertagquay。iokiwigridk8ssidecar：1。19。2myharbor。commonitoringk8ssidecar：1。19。2dockerpushmyharbor。commonitoringk8ssidecar：1。19。25、grafanaimagerendererdockersearchgrafanaimagerendererdockerpullgrafanagrafanaimagerenderer：latestdockertaggrafanagrafanaimagerenderer：latestmyharbor。commonitoringgrafanaimagerenderer：latestdockerpushmyharbor。commonitoringgrafanaimagerenderer：latest
　　修改镜像values。yaml4）安装grafanahelminstallgrafana。ngrafanacreatenamespacesetingress。enabledtruesetingress。hosts｛grafana。k8s。local｝setingress。paths｛｝setingress。pathTypePrefix
　　NOTESNAME：grafanaLASTDEPLOYED：SatSep1711：41：142022NAMESPACE：grafanaSTATUS：deployedREVISION：1NOTES：1。Getyouradminuserpasswordbyrunning：kubectlgetsecretnamespacegrafanagrafanaojsonpath｛。data。adminpassword｝base64echo2。TheGrafanaservercanbeaccessedviaport80onthefollowingDNSnamefromwithinyourcluster：grafana。grafana。svc。cluster。localIfyoubindgrafanato80，pleaseupdatevaluesinvalues。yamlandreinstall：securityContext：runAsUser：0runAsGroup：0fsGroup：0command：setcapcapnetbindserviceepusrsbingrafanaservershrun。shDetailsrefertohttps：grafana。comdocsinstallationconfigurationhttpport。Orgrafanawouldalwayscrash。Fromoutsidethecluster，theserverURL（s）are：http：grafana。k8s。local3。Loginwiththepasswordfromstep1andtheusername：adminWARNING：Persistenceisdisabled！！！YouwillloseyourdatawhentheGrafanapodisterminated。
　　查看kubectlgetpods，svc，ingressngrafana
　　5）访问web
　　http：grafana。k8s。local
　　账号：admin，密码通过下面命令获取0D0NfEWWFx9qsBiKR8PuFVxf6PPa9o8YGhZZaNXYkubectlgetsecretnamespacegrafanagrafanaojsonpath｛。data。adminpassword｝base64echo
　　6）配置https并更新
　　证书的就用上面的，注意记得把stl文件copy到grafana部署目录1、修改配置。。。ingress：。。。tls：secretName：prometheusalertstlshosts：grafana。k8s。local。。。secrets：name：grafanaalertstlscert：tlsk8s。local。crtkey：tlsk8s。local。key
　　新增一个templatestlssecret。yaml文件｛｛range。Values。secrets｝｝apiVersion：v1kind：Secretmetadata：name：｛｛。name｝｝data：tls。crt：｛｛。Files。Get。certb64enc｝｝tls。key：｛｛。Files。Get。keyb64enc｝｝type：kubernetes。iotls｛｛end｝｝2、upgrade更新helmupgradegrafana。ngrafana
　　查看kubectlgetpods，svc，ingressngrafana
　　web访问：https：grafana。k8s。local
　　账号：admin，密码通过下面命令获取0D0NfEWWFx9qsBiKR8PuFVxf6PPa9o8YGhZZaNXYkubectlgetsecretnamespacegrafanagrafanaojsonpath｛。data。adminpassword｝base64echo
　　7）卸载helmuninstallgrafanangrafanakubectldeletepodngrafanakubectlgetpodngrafanaawkNR1｛print1｝forcekubectlpatchnsgrafanap｛metadata：｛finalizers：null｝｝kubectldeletensgrafanaforce
　　PrometheusonK8s环境部署就先到这里了，下一篇文章讲具体怎么使用Prometheusgrafana监控k8s资源，请小伙伴耐心等待哦，有任何疑问欢迎给我留言哦