k8s 部署 prometheus 采集监控

2024-07-31

安装

git clone [email protected]:prometheus-operator/kube-prometheus.git
cd kube-prometheus
kubectl apply --server-side -f manifests/setup
kubectl wait --for condition=Established --all CustomResourceDefinition --namespace=monitoring
kubectl apply -f manifests/

由于kube-prometheus 有 networkpolicy，所以不能访问 monitoring 命名空间的 pod，需要把 networkpolicy 删除掉

1

kubectl -n monitoring delete networkpolicies.networking.k8s.io --all

问题排查

如果配置了 servicemonitor还是不能访问，检查servicemonitor配置，给 prometheus 增加权限

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19


--- a/manifests/prometheus-clusterRole.yaml
+++ b/manifests/prometheus-clusterRole.yaml
@@ -12,10 +12,12 @@ rules:
 - apiGroups:
   - ""
   resources:
+  - nodes
+  - services
+  - endpoints
+  - pods
   - nodes/metrics
-  verbs:
-  - get
+  verbs: ["get", "list", "watch"]
 - nonResourceURLs:
   - /metrics
-  verbs:
-  - get
+  verbs: ["get", "list", "watch"]

参考

https://github.com/prometheus-operator/kube-prometheus/issues/1763#issuecomment-1139553506

#K8s