Prometheus+Grafana+Loki
July 13, 2023
Prometheus+Grafana in an mk8s cluster with ingress and a separate namespace
Managed Service for Kubernetes lets you export cluster object metrics to monitoring systems.
kubectl create ns observability
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo update
helm install prometheus prometheus-community/prometheus -n observability
kubectl get pods -l "app=prometheus" -n observability
Installing the Trickster caching proxy.
The Trickster caching proxy speeds up reads from the Prometheus database, which lets Grafana display metrics almost in real time and also reduces the load on Prometheus.
helm repo add tricksterproxy https://helm.tricksterproxy.io && \
helm repo update
Create the trickster.yaml manifest.
frontend:
  listenAddress: ""
  tlsListenAddress: ""
  tlsListenPort: ""
  connectionsLimit: "0"
origins:
  - name: default
    originType: prometheus
    # Prometheus server Service. The release installed above is named "prometheus",
    # so the chart names the Service prometheus-server (check: kubectl get svc -n observability).
    originURL: http://prometheus-server:80
profiler:
  enabled: false
  port: 6060
prometheusScrape: false
prometheus:
  serviceMonitor:
    enabled: false
    interval: 30s
    labels: {}
replicaCount: 1
image:
  repository: tricksterproxy/trickster
  tag: "1.1"
  pullPolicy: IfNotPresent
service:
  annotations: {}
  labels: {}
  clusterIP: ""
  externalIPs: []
  loadBalancerIP: ""
  loadBalancerSourceRanges: []
  metricsPort: 8481
  servicePort: 8480
  type: ClusterIP
ingress:
  enabled: false
  annotations: {}
  extraLabels: {}
  hosts: []
  tls: []
volumes:
  persistent:
    type: "persistentVolume"
    enabled: false
    mountPath: "/tmp/trickster"
    accessModes:
      - ReadWriteOnce
    annotations: {}
    existingClaim: ""
    size: 15Gi
  generic:
    type: "generic"
    enabled: true
    mountPath: "/tmp/trickster"
podAnnotations: {}
resources: {}
securityContext: {}
helm install trickster tricksterproxy/trickster --namespace observability -f trickster.yaml
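kubectl get pods -l "app=trickster" -n observability
htpasswd -c auth cameda
# The Secret must be in the same namespace as the Ingress that references it.
kubectl create secret generic basic-auth --from-file=auth -n observability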
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: grafana-pvc
  namespace: observability
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 4Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: grafana
  name: grafana
  namespace: observability
spec:
  selector:
    matchLabels:
      app: grafana
  template:
    metadata:
      labels:
        app: grafana
    spec:
      securityContext:
        fsGroup: 472
        supplementalGroups:
          - 0
      containers:
        - name: grafana
          image: grafana/grafana:latest
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 3000
              name: http-grafana
              protocol: TCP
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /robots.txt
              port: 3000
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 30
            successThreshold: 1
            timeoutSeconds: 2
          livenessProbe:
            failureThreshold: 3
            initialDelaySeconds: 30
            periodSeconds: 10
            successThreshold: 1
            tcpSocket:
              port: 3000
            timeoutSeconds: 1
          resources:
            requests:
              cpu: 250m
              memory: 750Mi
          volumeMounts:
            - mountPath: /var/lib/grafana
              name: grafana-pv
      volumes:
        - name: grafana-pv
          persistentVolumeClaim:
            claimName: grafana-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: grafana
  namespace: observability
spec:
  ports:
    - port: 3000
      protocol: TCP
      targetPort: http-grafana
  selector:
    app: grafana
  sessionAffinity: None
  type: ClusterIP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: grafana
  namespace: observability
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - Alex Wolf'
spec:
  rules:
    - host: grafana.prod.cameda1.tk
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: grafana
                port:
                  number: 3000
EOF
login/password: admin/admin
- Name — Prometheus.
- URL — http://trickster:8480.
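
A static check for the Grafana manifest above, as an added example that is not part of the original post: it flags container images without a pinned tag (the Deployment uses grafana/grafana:latest) and Ingress objects that either lack the basic-auth annotations or use basic auth without a tls: section, in which case the credentials can be sent over plain HTTP. The function names lint_manifest and sample_manifest and the sample host are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Findings go to stdout, one per line;
# empty output means nothing was flagged.
lint_manifest() {   # reads a multi-document manifest from stdin or from file arguments
  awk '
    function report() {
      if (kind == "Ingress") {
        if (!(atype && asecret)) print "ingress/" name ": no basic-auth annotations"
        else if (!tls) print "ingress/" name ": basic auth without a tls: section"
      }
      kind = name = ""; atype = asecret = tls = 0
    }
    /^---/                     { report(); next }      # document boundary
    /^kind:/                   { kind = $2 }
    /^  name:/ && name == ""   { name = $2 }           # metadata.name (2-space indent)
    /auth-type:[ ]*basic/      { atype = 1 }
    /auth-secret:[ ]*[^ ]/     { asecret = 1 }
    /^  tls:/                  { tls = 1 }             # spec.tls
    /^ *(- )?image:/ {
      img = $NF; gsub(/"/, "", img)
      tag = img; sub(/.*\//, "", tag)   # drop registry/repo, keep name[:tag|@digest]
      if (tag !~ /[:@]/ || tag ~ /:latest$/) print "image " img ": tag is not pinned"
    }
    END { report() }
  ' "$@"
}

# Constructed sample: the image and Ingress settings used in the manifest above.
sample_manifest() {
  cat <<'EOF'
kind: Deployment
metadata:
  name: grafana
spec:
  template:
    spec:
      containers:
        - name: grafana
          image: grafana/grafana:latest
---
kind: Ingress
metadata:
  name: grafana
  annotations:
    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
spec:
  rules:
    - host: grafana.example.test
EOF
}

sample_manifest | lint_manifest
```

To check a real file before applying it, save the manifest and run lint_manifest grafana.yaml.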