Prometheus: HTTP monitoring with the Blackbox exporter

Hello everyone. In May OTUS launches a workshop on monitoring and logging, of both infrastructure and applications, using Zabbix, Prometheus, Grafana and ELK. On this occasion we are sharing useful material on the topic.

The Blackbox exporter for Prometheus lets you monitor external services over HTTP, HTTPS, DNS, TCP and ICMP. In this article I will show how to set up HTTP/HTTPS monitoring with the Blackbox exporter. We will run the Blackbox exporter in Kubernetes.

Environment

We will need the following:

  • Kubernetes
  • Prometheus Operator

Blackbox exporter configuration

We configure Blackbox through a ConfigMap that sets up the http module for monitoring web services.

apiVersion: v1
kind: ConfigMap
metadata:
  name: prometheus-blackbox-exporter
  labels:
    app: prometheus-blackbox-exporter
data:
  blackbox.yaml: |
    modules:
      http_2xx:
        http:
          no_follow_redirects: false
          preferred_ip_protocol: ip4
          valid_http_versions:
          - HTTP/1.1
          - HTTP/2
          valid_status_codes: []
        prober: http
        timeout: 5s

The http_2xx module is used to check that a web service returns an HTTP 2xx status code. The Blackbox exporter configuration is described in detail in the documentation.

Deploying the Blackbox exporter to a Kubernetes cluster

Describe a Deployment and a Service to deploy to Kubernetes.

---
kind: Service
apiVersion: v1
metadata:
  name: prometheus-blackbox-exporter
  labels:
    app: prometheus-blackbox-exporter
spec:
  type: ClusterIP
  ports:
    - name: http
      port: 9115
      protocol: TCP
  selector:
    app: prometheus-blackbox-exporter

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: prometheus-blackbox-exporter
  labels:
    app: prometheus-blackbox-exporter
spec:
  replicas: 1
  selector:
    matchLabels:
      app: prometheus-blackbox-exporter
  template:
    metadata:
      labels:
        app: prometheus-blackbox-exporter
    spec:
      restartPolicy: Always
      containers:
        - name: blackbox-exporter
          image: "prom/blackbox-exporter:v0.15.1"
          imagePullPolicy: IfNotPresent
          securityContext:
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            runAsUser: 1000
          args:
            - "--config.file=/config/blackbox.yaml"
          resources:
            {}
          ports:
            - containerPort: 9115
              name: http
          livenessProbe:
            httpGet:
              path: /health
              port: http
          readinessProbe:
            httpGet:
              path: /health
              port: http
          volumeMounts:
            - mountPath: /config
              name: config
        - name: configmap-reload
          image: "jimmidyson/configmap-reload:v0.2.2"
          imagePullPolicy: "IfNotPresent"
          securityContext:
            runAsNonRoot: true
            runAsUser: 65534
          args:
            - --volume-dir=/etc/config
            - --webhook-url=http://localhost:9115/-/reload
          resources:
            {}
          volumeMounts:
            - mountPath: /etc/config
              name: config
              readOnly: true
      volumes:
        - name: config
          configMap:
            name: prometheus-blackbox-exporter

The Blackbox exporter can be deployed with the following command. The monitoring namespace belongs to the Prometheus Operator.

kubectl --namespace=monitoring apply -f blackbox-exporter.yaml

Make sure all the resources are running with the following command:

kubectl --namespace=monitoring get all --selector=app=prometheus-blackbox-exporter

Checking Blackbox

You can reach the Blackbox exporter web interface using port-forward:

kubectl --namespace=monitoring port-forward svc/prometheus-blackbox-exporter 9115:9115

Connect to the Blackbox exporter web interface in a browser at localhost:9115.

If you go to http://localhost:9115/probe?module=http_2xx&target=https://www.google.com, you will see the result of probing the specified URL (https://www.google.com).

A probe_success metric value of 1 means the check succeeded. A value of 0 indicates a failure.

Configuring Prometheus

After deploying the Blackbox exporter, we configure Prometheus in prometheus-additional.yaml.

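# Note: the Kubernetes API job later on this page reuses this job name; job names
# must be unique within one Prometheus configuration.
- job_name: 'kube-api-blackbox'
  # By default Prometheus only looks back 5 minutes for the latest sample, so with a
  # one-week interval probe_* is absent from queries and alert expressions between scrapes.
  scrape_interval: 1w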
  metrics_path: /probe
  params:
    module: [http_2xx]
  static_configs:
   - targets:
      - https://www.google.com
      - http://www.example.com
      - https://prometheus.io
  relabel_configs:
   - source_labels: [__address__]
     target_label: __param_target
   - source_labels: [__param_target]
     target_label: instance
   - target_label: __address__
     replacement: prometheus-blackbox-exporter:9115 # The blackbox exporter.
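
How the three relabel rules above turn a listed target into a request to the exporter, as an added example that is not part of the original article. The function names relabel and scrape_url are hypothetical, and only the replace action with $N references is modelled.

```python
import re
from urllib.parse import urlencode

# The relabel rules from the scrape job above. Unset fields take the Prometheus
# defaults: action=replace, regex=(.*), replacement=$1, separator=";".
RELABEL_CONFIGS = [
    {"source_labels": ["__address__"], "target_label": "__param_target"},
    {"source_labels": ["__param_target"], "target_label": "instance"},
    {"target_label": "__address__",
     "replacement": "prometheus-blackbox-exporter:9115"},
]

def relabel(labels, rules):
    """Apply 'replace' relabel rules in order and return the new label set."""
    labels = dict(labels)
    for rule in rules:
        joined = ";".join(labels.get(n, "") for n in rule.get("source_labels", []))
        match = re.fullmatch(rule.get("regex", "(.*)"), joined, re.DOTALL)
        if match is None:
            continue  # regex did not match: the rule leaves the labels alone
        template = rule.get("replacement", "$1")
        value = re.sub(r"\$(\d+)", lambda m: match.group(int(m.group(1))), template)
        if value:
            labels[rule["target_label"]] = value
        else:
            labels.pop(rule["target_label"], None)  # empty result drops the label
    return labels

def scrape_url(target, module="http_2xx", metrics_path="/probe"):
    """Return (URL Prometheus requests, instance label) for one static target."""
    start = {"__address__": target, "__scheme__": "http",
             "__metrics_path__": metrics_path, "__param_module": module}
    out = relabel(start, RELABEL_CONFIGS)
    # Every __param_<name> label becomes a URL query parameter of the scrape.
    params = sorted((k[len("__param_"):], v) for k, v in out.items()
                    if k.startswith("__param_"))
    base = out["__scheme__"] + "://" + out["__address__"] + out["__metrics_path__"]
    return base + "?" + urlencode(params), out["instance"]

if __name__ == "__main__":
    for t in ("https://www.google.com", "http://www.example.com"):
        print(scrape_url(t))
```

The listed URL ends up as the target query parameter and the instance label, while the connection itself goes to the exporter's Service on port 9115.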

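We create a Secret using the following command.

# Strip line breaks: GNU base64 wraps its output at 76 columns, which would break the YAML below
PROMETHEUS_ADD_CONFIG=$(base64 < prometheus-additional.yaml | tr -d '\n')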
cat << EOF | kubectl --namespace=monitoring apply -f -
apiVersion: v1
kind: Secret
metadata:
  name: additional-scrape-configs
type: Opaque
data:
  prometheus-additional.yaml: $PROMETHEUS_ADD_CONFIG
EOF

We point the Prometheus Operator at additional-scrape-configs using additionalScrapeConfigs.

kubectl --namespace=monitoring edit prometheuses k8s
...
spec:
  additionalScrapeConfigs:
    key: prometheus-additional.yaml
    name: additional-scrape-configs

We go to the Prometheus web interface and check the metrics and targets.

kubectl --namespace=monitoring port-forward svc/prometheus-k8s 9090:9090

We see the Blackbox metrics and targets.

Adding alerting rules (alerts)

To receive alerts from the Blackbox exporter, we add rules to the Prometheus Operator.

kubectl --namespace=monitoring edit prometheusrules prometheus-k8s-rules
...
  - name: blackbox-exporter
    rules:
    - alert: ProbeFailed
      expr: probe_success == 0
      for: 5m
      labels:
        severity: error
      annotations:
        summary: "Probe failed (instance {{ $labels.instance }})"
        description: "Probe failed\n  VALUE = {{ $value }}\n  LABELS: {{ $labels }}"
    - alert: SlowProbe
      expr: avg_over_time(probe_duration_seconds[1m]) > 1
      for: 5m
      labels:
        severity: warning
      annotations:
        summary: "Slow probe (instance {{ $labels.instance }})"
        description: "Blackbox probe took more than 1s to complete\n  VALUE = {{ $value }}\n  LABELS: {{ $labels }}"
    - alert: HttpStatusCode
      expr: probe_http_status_code <= 199 OR probe_http_status_code >= 400
      for: 5m
      labels:
        severity: error
      annotations:
        summary: "HTTP Status Code (instance {{ $labels.instance }})"
        description: "HTTP status code is not 200-399\n  VALUE = {{ $value }}\n  LABELS: {{ $labels }}"
    - alert: SslCertificateWillExpireSoon
      expr: probe_ssl_earliest_cert_expiry - time() < 86400 * 30
      for: 5m
      labels:
        severity: warning
      annotations:
        summary: "SSL certificate will expire soon (instance {{ $labels.instance }})"
        description: "SSL certificate expires in 30 days\n  VALUE = {{ $value }}\n  LABELS: {{ $labels }}"
    - alert: SslCertificateHasExpired
      expr: probe_ssl_earliest_cert_expiry - time()  <= 0
      for: 5m
      labels:
        severity: error
      annotations:
        summary: "SSL certificate has expired (instance {{ $labels.instance }})"
        description: "SSL certificate has expired already\n  VALUE = {{ $value }}\n  LABELS: {{ $labels }}"
    - alert: HttpSlowRequests
      expr: avg_over_time(probe_http_duration_seconds[1m]) > 1
      for: 5m
      labels:
        severity: warning
      annotations:
        summary: "HTTP slow requests (instance {{ $labels.instance }})"
        description: "HTTP request took more than 1s\n  VALUE = {{ $value }}\n  LABELS: {{ $labels }}"
    - alert: SlowPing
      expr: avg_over_time(probe_icmp_duration_seconds[1m]) > 1
      for: 5m
      labels:
        severity: warning
      annotations:
        summary: "Slow ping (instance {{ $labels.instance }})"
        description: "Blackbox ping took more than 1s\n  VALUE = {{ $value }}\n  LABELS: {{ $labels }}"

In the Prometheus web interface, go to Status => Rules and find the blackbox-exporter alerting rules.
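
The instant-value rules above, evaluated offline against a /probe response, as an added example that is not part of the original article. The two response bodies are constructed samples, parse_probe and firing are hypothetical names, and the failure sample assumes the status code gauge stays at 0 when no response arrives.

```python
# Constructed /probe responses (Prometheus text format), trimmed to the
# metrics the rules above read. All values are made up for illustration.
SAMPLE_OK = """\
# TYPE probe_http_duration_seconds gauge
probe_http_duration_seconds{phase="connect"} 0.012
# TYPE probe_http_status_code gauge
probe_http_status_code 200
# TYPE probe_ssl_earliest_cert_expiry gauge
probe_ssl_earliest_cert_expiry 1.7e+09
# TYPE probe_success gauge
probe_success 1
"""
SAMPLE_FAILED = """\
probe_http_status_code 0
probe_success 0
"""

def parse_probe(text):
    """Return {metric: value} for the unlabelled samples in a /probe body."""
    metrics = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue                      # HELP/TYPE comments and blanks
        name, _, value = line.partition(" ")
        if "{" not in name:               # skip labelled per-phase series
            metrics[name] = float(value)
    return metrics

def firing(metrics, now):
    """Names of the instant-value rules whose expr is true at time `now`.

    The `for: 5m` hold and the avg_over_time() rules need a time series,
    so they are not modelled here.
    """
    alerts = []
    if metrics.get("probe_success") == 0:
        alerts.append("ProbeFailed")
    code = metrics.get("probe_http_status_code")
    if code is not None and (code <= 199 or code >= 400):
        alerts.append("HttpStatusCode")
    expiry = metrics.get("probe_ssl_earliest_cert_expiry")
    if expiry is not None:
        if expiry - now <= 0:
            alerts.append("SslCertificateHasExpired")
        if expiry - now < 86400 * 30:
            alerts.append("SslCertificateWillExpireSoon")
    return alerts
```

With these expressions an expired certificate satisfies both SSL rules, and the failure sample trips ProbeFailed and HttpStatusCode together, so one outage can produce two notifications.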

Configuring Kubernetes API Server SSL certificate expiry notifications

Let's set up monitoring of the Kubernetes API Server SSL certificate expiry. It will send notifications once a week.

Adding a Blackbox exporter module for Kubernetes API Server authentication.

kubectl --namespace=monitoring edit configmap prometheus-blackbox-exporter
...
      kube-api:
        http:
          method: GET
          no_follow_redirects: false
          preferred_ip_protocol: ip4
          tls_config:
            insecure_skip_verify: false
            ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
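          # The pod's service account token is sent to every target probed with this
          # module: use it only for the API server and keep port 9115 reachable only from Prometheus.
          bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token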
          valid_http_versions:
          - HTTP/1.1
          - HTTP/2
          valid_status_codes: []
        prober: http
        timeout: 5s

Adding the Prometheus scrape configuration

- job_name: 'kube-api-blackbox'
  metrics_path: /probe
  params:
    module: [kube-api]
  static_configs:
   - targets:
      - https://kubernetes.default.svc/api
  relabel_configs:
   - source_labels: [__address__]
     target_label: __param_target
   - source_labels: [__param_target]
     target_label: instance
   - target_label: __address__
     replacement: prometheus-blackbox-exporter:9115 # The blackbox exporter.

Applying the Prometheus Secret

# Strip line breaks: GNU base64 wraps its output at 76 columns, which would break the YAML below
PROMETHEUS_ADD_CONFIG=$(base64 < prometheus-additional.yaml | tr -d '\n')
cat << EOF | kubectl --namespace=monitoring apply -f -
apiVersion: v1
kind: Secret
metadata:
  name: additional-scrape-configs
type: Opaque
data:
  prometheus-additional.yaml: $PROMETHEUS_ADD_CONFIG
EOF

Adding alerting rules

kubectl --namespace=monitoring edit prometheusrules prometheus-k8s-rules
...
  - name: k8s-api-server-cert-expiry
    rules:
    - alert: K8sAPIServerSSLCertExpiringAfterThreeMonths
      expr: probe_ssl_earliest_cert_expiry{job="kube-api-blackbox"} - time() < 86400 * 90
      for: 1w
      labels:
        severity: warning
      annotations:
        summary: "Kubernetes API Server SSL certificate will expire after three months (instance {{ $labels.instance }})"
        description: "Kubernetes API Server SSL certificate expires in 90 days\n  VALUE = {{ $value }}\n  LABELS: {{ $labels }}"

Useful links

Monitoring and logging in Docker

Source: www.habr.com