
## Installation

```bash
git clone git@github.com:prometheus-operator/kube-prometheus.git
cd kube-prometheus
kubectl apply --server-side -f manifests/setup
kubectl wait --for condition=Established --all CustomResourceDefinition --namespace=monitoring
kubectl apply -f manifests/
```

Because `kube-prometheus` ships `networkpolicy` objects, pods in the monitoring namespace cannot be reached, so the `networkpolicy` objects need to be deleted:

```bash
kubectl -n monitoring delete networkpolicies.networking.k8s.io --all
```
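
A narrower alternative to deleting every policy, as an added example that is not part of the original page or of the kube-prometheus manifests: NetworkPolicies are additive, so one extra policy can open only the path that is needed and leave the shipped ones in place. The policy name, the pod label, the client namespace `ingress-nginx` and port 9090 are assumptions to adjust for your cluster.

```yaml
# Added example (not from kube-prometheus). Values marked "assumed" must be
# checked against the cluster before applying.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-ingress-to-prometheus        # hypothetical name
  namespace: monitoring
spec:
  # Select only the Prometheus pods; other monitoring pods keep their
  # existing restrictions.
  podSelector:
    matchLabels:
      app.kubernetes.io/name: prometheus   # assumed pod label
  policyTypes:
  - Ingress
  ingress:
  - from:
    # Allow traffic only from the namespace that hosts the client
    # (for example an ingress controller).
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: ingress-nginx   # assumed client namespace
    ports:
    - protocol: TCP
      port: 9090                           # assumed Prometheus web port
```

Confirm the selector matches before applying by listing the labels with `kubectl -n monitoring get pods --show-labels`.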

## Troubleshooting

If access still fails after a `servicemonitor` has been configured, check the `servicemonitor` configuration and grant `prometheus` additional permissions:

```git
--- a/manifests/prometheus-clusterRole.yaml
+++ b/manifests/prometheus-clusterRole.yaml
@@ -12,10 +12,12 @@ rules:
 - apiGroups:
   - ""
   resources:
+  - nodes
+  - services
+  - endpoints
+  - pods
   - nodes/metrics
-  verbs:
-  - get
+  verbs: ["get", "list", "watch"]
 - nonResourceURLs:
   - /metrics
-  verbs:
-  - get
+  verbs: ["get", "list", "watch"]
```
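
Review bot: in the `nonResourceURLs` rule for `/metrics`, `list` and `watch` have no effect, because non-resource URLs are matched on the HTTP verb and a scrape only needs `get`; keep `verbs: ["get"]` there. In the first rule, adding `nodes`, `services`, `endpoints` and `pods` to this ClusterRole gives Prometheus get/list/watch on those objects in every namespace, and it also widens `nodes/metrics` from `get` to all three verbs, since the resources share one verbs list. If only a few namespaces need to be discovered, a namespaced Role and RoleBinding per namespace would keep the grant narrower, and `nodes/metrics` could stay in its own rule with `get`.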

## References

1. <https://github.com/prometheus-operator/kube-prometheus/issues/1763#issuecomment-1139553506>

