第七章監控kubernetes核心組件kube-apiserver · 如何以優雅的姿勢監控kubernetes

# kubernetes 核心組件target監控 ![](https://box.kancloud.cn/32deea9d489ff9d0310d1abebefa9681_960x540.jpg) 修改api-server、kube-controller-manager、kube-scheduler、kubelets、kube-router配置文件監聽地址，添加如下選項。使其能訪問 metrics。 api-server 添加選項 --insecure-port=8080 --insecure-bind-address=0.0.0.0 kube-controller-manager --bind-address=0.0.0.0 --secure-port=10257 kube-scheduler kubelet 添加endpoint 配置prometheus taget 訪問權限 --address=0.0.0.0 --authentication-token-webhook=true --authorization-mode=Webhook kube-router 配置metrics[參考地址](https://github.com/cloudnativelabs/kube-router/blob/master/Documentation/metrics.md) annotations: prometheus.io/scrape: "true" prometheus.io/port: "10258" 添加啟動選項 ---master=10.18.19.98:8080 --metrics-port=10258 檢查k8s 核心組件監聽地址 netstat -tlunp | grep kube tcp 0 0 0.0.0.0:50051 0.0.0.0:* LISTEN 86466/kube-router tcp 0 0 127.0.0.1:10248 0.0.0.0:* LISTEN 108134/kubelet tcp 0 0 0.0.0.0:10250 0.0.0.0:* LISTEN 108134/kubelet tcp 0 0 0.0.0.0:6443 0.0.0.0:* LISTEN 175680/kube-apiserv tcp 0 0 0.0.0.0:10252 0.0.0.0:* LISTEN 168570/kube-control tcp 0 0 0.0.0.0:10255 0.0.0.0:* LISTEN 108134/kubelet tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 175680/kube-apiserv tcp 0 0 0.0.0.0:10258 0.0.0.0:* LISTEN 86466/kube-router tcp 0 0 0.0.0.0:179 0.0.0.0:* LISTEN 86466/kube-router tcp 0 0 0.0.0.0:20244 0.0.0.0:* LISTEN 86466/kube-router tcp 0 0 0.0.0.0:4194 0.0.0.0:* LISTEN 108134/kubelet 訪問各個組件 metrics curl http://10.18.19.98:8080/metrics #kube-apiser curl http://10.18.19.98:10251/metrics #kube-schedul curl http://10.18.19.98:10252/metrics #kube-controlle curl http://10.18.19.98:10255/metrics #kubelet curl http://10.18.19.98:10258/metrics #kube-router 創建k8s 組件servermonitor 服務 tree exporter-kube-apiserver/ exporter-kube-controller-manager/ exporter-kube-scheduler/ exporter-kube-router/ exporter-kubelets/ exporter-kube-apiserver/ └── prometheus-k8s-service-monitor-apiserver.yaml exporter-kube-controller-manager/ ├── kube-controller-manager-svc.yaml └── prometheus-k8s-service-monitor-kube-controller-manager.yaml exporter-kube-scheduler/ ├── kube-scheduler-svc.yaml └── prometheus-k8s-service-monitor-kube-scheduler.yaml exporter-kube-router/ ├── kube-router-svc.yaml └── prometheus-k8s-service-monitor-kube-scheduler.yaml exporter-kubelets/ └── prometheus-k8s-service-monitor-kubelet.yaml kubectl apply -f exporter-kube-apiserver/ > 注意 api-server 服務 namespace 在default使用默認svc kubernetes。其余組件服務在kube-system 空間，需要單獨創建svc。 prometheus target檢查組件狀態 ![k8s target metrics](https://box.kancloud.cn/f4809c26f8b56b18edb535044968c6b1_902x1040.png) 查看api-server servicemonitor 資源 kubectl get servicemonitors -n monitoring NAME AGE kube-apiserver 18m kube-controller-manager 18m kube-router 18m kube-scheduler 18m kube-state-metrics 1d kubelet 18m node-exporter 7h prometheus 1d prometheus-operator 1d