Moni nonse. Mu Meyi OTUS imayambitsa
Zachilengedwe
Tidzafunika zotsatirazi:
- Kubernetes
- Wothandizira Prometheus
Kukonzekera kwa blackbox kunja
Kukonza Blackbox kudzera ConfigMap
kwa makonda http
module yowunikira ntchito zapaintaneti.
apiVersion: v1
kind: ConfigMap
metadata:
name: prometheus-blackbox-exporter
labels:
app: prometheus-blackbox-exporter
data:
blackbox.yaml: |
modules:
http_2xx:
http:
no_follow_redirects: false
preferred_ip_protocol: ip4
valid_http_versions:
- HTTP/1.1
- HTTP/2
valid_status_codes: []
prober: http
timeout: 5s
Gawo http_2xx
amagwiritsidwa ntchito kuwunika ngati tsamba lawebusayiti likubweza HTTP 2xx code code. Kusintha kwa blackbox exporter kumafotokozedwa mwatsatanetsatane mu
Kutumiza kunja kwa blackbox ku gulu la Kubernetes
Fotokozani Deployment
ΠΈ Service
kuti atumizidwe ku Kubernetes.
---
kind: Service
apiVersion: v1
metadata:
name: prometheus-blackbox-exporter
labels:
app: prometheus-blackbox-exporter
spec:
type: ClusterIP
ports:
- name: http
port: 9115
protocol: TCP
selector:
app: prometheus-blackbox-exporter
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: prometheus-blackbox-exporter
labels:
app: prometheus-blackbox-exporter
spec:
replicas: 1
selector:
matchLabels:
app: prometheus-blackbox-exporter
template:
metadata:
labels:
app: prometheus-blackbox-exporter
spec:
restartPolicy: Always
containers:
- name: blackbox-exporter
image: "prom/blackbox-exporter:v0.15.1"
imagePullPolicy: IfNotPresent
securityContext:
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
args:
- "--config.file=/config/blackbox.yaml"
resources:
{}
ports:
- containerPort: 9115
name: http
livenessProbe:
httpGet:
path: /health
port: http
readinessProbe:
httpGet:
path: /health
port: http
volumeMounts:
- mountPath: /config
name: config
- name: configmap-reload
image: "jimmidyson/configmap-reload:v0.2.2"
imagePullPolicy: "IfNotPresent"
securityContext:
runAsNonRoot: true
runAsUser: 65534
args:
- --volume-dir=/etc/config
- --webhook-url=http://localhost:9115/-/reload
resources:
{}
volumeMounts:
- mountPath: /etc/config
name: config
readOnly: true
volumes:
- name: config
configMap:
name: prometheus-blackbox-exporter
Blackbox exporter ikhoza kutumizidwa pogwiritsa ntchito lamulo ili. Malo a mayina monitoring
amatanthauza Prometheus Operator.
kubectl --namespace=monitoring apply -f blackbox-exporter.yaml
Onetsetsani kuti ntchito zonse zikuyenda pogwiritsa ntchito lamulo ili:
kubectl --namespace=monitoring get all --selector=app=prometheus-blackbox-exporter
Chongani Blackbox
Mutha kulumikizana ndi tsamba la Blackbox exporter pogwiritsa ntchito port-forward
:
kubectl --namespace=monitoring port-forward svc/prometheus-blackbox-exporter 9115:9115
Lumikizani ku intaneti ya Blackbox exporter kudzera pa msakatuli pa
Ngati mupita ku adilesi
Mtengo wa metric probe_success
wofanana ndi 1 zikutanthauza cheke bwino. Mtengo wa 0 ukuwonetsa cholakwika.
Kupanga Prometheus
Pambuyo potumiza kunja kwa BlackBox, timakonza Prometheus mkati prometheus-additional.yaml
.
- job_name: 'kube-api-blackbox'
scrape_interval: 1w
metrics_path: /probe
params:
module: [http_2xx]
static_configs:
- targets:
- https://www.google.com
- http://www.example.com
- https://prometheus.io
relabel_configs:
- source_labels: [__address__]
target_label: __param_target
- source_labels: [__param_target]
target_label: instance
- target_label: __address__
replacement: prometheus-blackbox-exporter:9115 # The blackbox exporter.
Timapanga Secret
pogwiritsa ntchito lamulo ili.
PROMETHEUS_ADD_CONFIG=$(cat prometheus-additional.yaml | base64)
cat << EOF | kubectl --namespace=monitoring apply -f -
apiVersion: v1
kind: Secret
metadata:
name: additional-scrape-configs
type: Opaque
data:
prometheus-additional.yaml: $PROMETHEUS_ADD_CONFIG
EOF
Tikuwonetsa additional-scrape-configs
kwa Prometheus Operator ntchito additionalScrapeConfigs
.
kubectl --namespace=monitoring edit prometheuses k8s
...
spec:
additionalScrapeConfigs:
key: prometheus-additional.yaml
name: additional-scrape-configs
Timapita ku mawonekedwe a tsamba la Prometheus ndikuwona ma metric ndi zolinga.
kubectl --namespace=monitoring port-forward svc/prometheus-k8s 9090:9090
Tikuwona ma metric ndi zolinga za Blackbox.
Kuonjezera malamulo azidziwitso (chidziwitso)
Kuti tilandire zidziwitso kuchokera kwa wogulitsa kunja kwa Blackbox, tidzawonjezera malamulo ku Prometheus Operator.
kubectl --namespace=monitoring edit prometheusrules prometheus-k8s-rules
...
- name: blackbox-exporter
rules:
- alert: ProbeFailed
expr: probe_success == 0
for: 5m
labels:
severity: error
annotations:
summary: "Probe failed (instance {{ $labels.instance }})"
description: "Probe failedn VALUE = {{ $value }}n LABELS: {{ $labels }}"
- alert: SlowProbe
expr: avg_over_time(probe_duration_seconds[1m]) > 1
for: 5m
labels:
severity: warning
annotations:
summary: "Slow probe (instance {{ $labels.instance }})"
description: "Blackbox probe took more than 1s to completen VALUE = {{ $value }}n LABELS: {{ $labels }}"
- alert: HttpStatusCode
expr: probe_http_status_code <= 199 OR probe_http_status_code >= 400
for: 5m
labels:
severity: error
annotations:
summary: "HTTP Status Code (instance {{ $labels.instance }})"
description: "HTTP status code is not 200-399n VALUE = {{ $value }}n LABELS: {{ $labels }}"
- alert: SslCertificateWillExpireSoon
expr: probe_ssl_earliest_cert_expiry - time() < 86400 * 30
for: 5m
labels:
severity: warning
annotations:
summary: "SSL certificate will expire soon (instance {{ $labels.instance }})"
description: "SSL certificate expires in 30 daysn VALUE = {{ $value }}n LABELS: {{ $labels }}"
- alert: SslCertificateHasExpired
expr: probe_ssl_earliest_cert_expiry - time() <= 0
for: 5m
labels:
severity: error
annotations:
summary: "SSL certificate has expired (instance {{ $labels.instance }})"
description: "SSL certificate has expired alreadyn VALUE = {{ $value }}n LABELS: {{ $labels }}"
- alert: HttpSlowRequests
expr: avg_over_time(probe_http_duration_seconds[1m]) > 1
for: 5m
labels:
severity: warning
annotations:
summary: "HTTP slow requests (instance {{ $labels.instance }})"
description: "HTTP request took more than 1sn VALUE = {{ $value }}n LABELS: {{ $labels }}"
- alert: SlowPing
expr: avg_over_time(probe_icmp_duration_seconds[1m]) > 1
for: 5m
labels:
severity: warning
annotations:
summary: "Slow ping (instance {{ $labels.instance }})"
description: "Blackbox ping took more than 1sn VALUE = {{ $value }}n LABELS: {{ $labels }}"
Mu mawonekedwe a intaneti a Prometheus, pitani ku Status => Malamulo ndikupeza malamulo ochenjeza a blackbox-exporter.
Kukonza Kubernetes API Server SSL Zidziwitso Zakutha kwa Satifiketi Yakutha
Tiyeni tikonze Kubernetes API Server SSL yowunikira kutha kwa ntchito. Itumiza zidziwitso kamodzi pa sabata.
Kuonjezera gawo la Blackbox exporter la Kubernetes API Server Authentication.
kubectl --namespace=monitoring edit configmap prometheus-blackbox-exporter
...
kube-api:
http:
method: GET
no_follow_redirects: false
preferred_ip_protocol: ip4
tls_config:
insecure_skip_verify: false
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
valid_http_versions:
- HTTP/1.1
- HTTP/2
valid_status_codes: []
prober: http
timeout: 5s
Kuwonjezera Prometheus scrape kasinthidwe
- job_name: 'kube-api-blackbox'
metrics_path: /probe
params:
module: [kube-api]
static_configs:
- targets:
- https://kubernetes.default.svc/api
relabel_configs:
- source_labels: [__address__]
target_label: __param_target
- source_labels: [__param_target]
target_label: instance
- target_label: __address__
replacement: prometheus-blackbox-exporter:9115 # The blackbox exporter.
Kugwiritsa ntchito Chinsinsi cha Prometheus
PROMETHEUS_ADD_CONFIG=$(cat prometheus-additional.yaml | base64)
cat << EOF | kubectl --namespace=monitoring apply -f -
apiVersion: v1
kind: Secret
metadata:
name: additional-scrape-configs
type: Opaque
data:
prometheus-additional.yaml: $PROMETHEUS_ADD_CONFIG
EOF
Kuwonjezera malamulo ochenjeza
kubectl --namespace=monitoring edit prometheusrules prometheus-k8s-rules
...
- name: k8s-api-server-cert-expiry
rules:
- alert: K8sAPIServerSSLCertExpiringAfterThreeMonths
expr: probe_ssl_earliest_cert_expiry{job="kube-api-blackbox"} - time() < 86400 * 90
for: 1w
labels:
severity: warning
annotations:
summary: "Kubernetes API Server SSL certificate will expire after three months (instance {{ $labels.instance }})"
description: "Kubernetes API Server SSL certificate expires in 90 daysn VALUE = {{ $value }}n LABELS: {{ $labels }}"
maulalo othandiza
Source: www.habr.com