本文介绍如何通过修改Prometheus监控配置来采集指定虚拟节点的Metrics。
功能介绍
在虚拟节点的架构设计下,同一集群内的多个虚拟节点会共享同一个Node IP。导致在采集单个虚拟节点的数据时,会返回所有虚拟节点的全量数据。由于Prometheus常通过Kubelet Service采集所有节点的Metrics,因此会出现Metrics重复的现象。为了解决这个问题,容器服务 Kubernetes 版 ACK(Container Service for Kubernetes)提供了采集指定虚拟节点的Metrics数据的能力。除了保留原有的采集端点<nodeIP>:10250/metrics/cadvisor外,还额外提供指定虚拟节点名称的端点<nodeIP>:10250/metrics/cadvisor?nodeName=<nodeName> 。指定虚拟节点名称后,虚拟节点仅返回对应虚拟节点管理的所有Pod的监控数据,
前提条件
已安装ACK Virtual Node组件,且组件版本为v2.11.0及以上,请参见ACK Virtual Node。
修改Prometheus监控配置
您可以通过修改Prometheus监控配置来采集指定虚拟节点的Metrics。容器服务 Kubernetes 版支持阿里云可观测监控 Prometheus 版、社区版Prometheus Operator方案(或容器服务 Kubernetes 版的应用市场ack-prometheus-operator)和开源Prometheus三种场景下的配置方式。
阿里云可观测监控 Prometheus 版
默认支持,无需额外操作。
社区版Prometheus Operator
如果您使用的Prometheus方案为社区Prometheus Operator方案,以及容器服务 Kubernetes 版应用市场ack-prometheus-operator,需要增加以下ServiceMonitor CR配置。
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: virtual-kubelet
namespace: monitoring
labels:
k8s-app: kubelet
# 增加该label用于prometheus-operator自动管理。
release: prometheus-operator
spec:
jobLabel: k8s-app
selector:
matchLabels:
k8s-app: kubelet
namespaceSelector:
matchNames:
- kube-system
endpoints:
- port: https-metrics
interval: 15s
scheme: https
path: /metrics/cadvisor
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
tlsConfig:
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
insecureSkipVerify: true
relabelings:
# 只保留Virtual Node的端点。
- sourceLabels: [__meta_kubernetes_endpoint_address_target_name]
regex: (^virtual-kubelet.*)
action: keep
# 增加指定nodeName的查询参数。
- sourceLabels: [__meta_kubernetes_endpoint_address_target_name]
regex: (^virtual-kubelet.*)
targetLabel: __param_nodeName
replacement: ${1}
action: replace如果集群中已经配置了基于kubelet service的服务发现来收集cAdvisor的Metrics,您需要增加以下配置来移除对<Virtual Node IP>:10250/metrics/cadvisor的采集配置,避免重复采集数据。
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
...
spec:
endpoints:
- path: /metrics/cadvisor
port: https-metrics
...
relabelings:
# 这个relabeling规则使得所有Target名称以virtual-kubelet开头的endpoints被丢弃.
- action: drop
regex: (^virtual-kubelet.*)
sourceLabels:
- __meta_kubernetes_endpoint_address_target_name开源Prometheus
在开源Prometheus中找到Prometheus的配置文件,通常位于/etc/prometheus/prometheus.yml或者您自定义的配置目录下,增加以下采集配置。
scrape_configs:
...其他job配置。
- job_name: monitoring/virtual-kubelet/0
honor_timestamps: true
scrape_interval: 15s
scrape_timeout: 10s
metrics_path: /metrics/cadvisor
scheme: https
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
insecure_skip_verify: true
relabel_configs:
- source_labels: [__meta_kubernetes_service_label_k8s_app]
separator: ;
regex: kubelet
replacement: $1
action: keep
- source_labels: [__meta_kubernetes_endpoint_port_name]
separator: ;
regex: https-metrics
replacement: $1
action: keep
- source_labels: [__meta_kubernetes_endpoint_address_target_kind, __meta_kubernetes_endpoint_address_target_name]
separator: ;
regex: Node;(.*)
target_label: node
replacement: ${1}
action: replace
- source_labels: [__meta_kubernetes_endpoint_address_target_kind, __meta_kubernetes_endpoint_address_target_name]
separator: ;
regex: Pod;(.*)
target_label: pod
replacement: ${1}
action: replace
- source_labels: [__meta_kubernetes_namespace]
separator: ;
regex: (.*)
target_label: namespace
replacement: $1
action: replace
- source_labels: [__meta_kubernetes_service_name]
separator: ;
regex: (.*)
target_label: service
replacement: $1
action: replace
- source_labels: [__meta_kubernetes_pod_name]
separator: ;
regex: (.*)
target_label: pod
replacement: $1
action: replace
- source_labels: [__meta_kubernetes_pod_container_name]
separator: ;
regex: (.*)
target_label: container
replacement: $1
action: replace
- source_labels: [__meta_kubernetes_service_name]
separator: ;
regex: (.*)
target_label: job
replacement: ${1}
action: replace
- source_labels: [__meta_kubernetes_service_label_k8s_app]
separator: ;
regex: (.+)
target_label: job
replacement: ${1}
action: replace
- separator: ;
regex: (.*)
target_label: endpoint
replacement: https-metrics
action: replace
- source_labels: [__meta_kubernetes_endpoint_address_target_name]
separator: ;
regex: (^virtual-kubelet.*)
replacement: $1
action: keep
- source_labels: [__meta_kubernetes_endpoint_address_target_name]
separator: ;
regex: (^virtual-kubelet.*)
target_label: __param_nodeName
replacement: ${1}
action: replace
kubernetes_sd_configs:
- role: endpoints
namespaces:
names:
- kube-system如果集群中已经配置了基于kubelet service的服务发现来收集cAdvisor的Metrics,您需要增加以下配置来移除对<Virtual Node IP>:10250/metrics/cadvisor的采集配置,避免重复采集数据。
scrape_configs:
...其他job配置。
- job_name: monitoring/ack-prometheus-operator-kubelet/0
honor_labels: true
honor_timestamps: true
...
relabel_configs:
...
# 移除对虚拟节点的/metrics/cadviso端点的采集。
- source_labels: [__meta_kubernetes_endpoint_address_target_name]
separator: ;
regex: (^virtual-kubelet.*)
replacement: $1
action: drop