k8s原生的集羣監控方案(Heapster+InfluxDB+Grafana)
- Heapster+InfluxDB+Grafana簡介
heapster是一個監控計算、存儲、網絡等集羣資源的工具,以k8s內置的cAdvisor作爲數據源收集集羣信息,並彙總出有價值的性能數據(Metrics):cpu、內存、network、filesystem等,然後將這些數據輸出到外部存儲(backend),如InfluxDB,最後再通過相應的UI界面進行可視化展示,如grafana。 另外heapster的數據源和外部存儲都是可插拔的,所以可以很靈活的組建出很多監控方案,如:Heapster+ElasticSearch+Kibana等等。 - Heapster的整體架構圖
![k8s原生的集羣監控方案(Heapster+InfluxDB+Grafana)]()
- 創建InfluxDB資源對象
#下載influxdb.yaml apiVersion: extensions/v1beta1 kind: Deployment metadata: name: monitoring-influxdb namespace: kube-system spec: replicas: 1 template: metadata: labels: task: monitoring k8s-app: influxdb spec: containers: - name: influxdb image: k8s.gcr.io/heapster-influxdb-amd64:v1.3.3 volumeMounts: - mountPath: /data name: influxdb-storage volumes: - name: influxdb-storage emptyDir: {} --- apiVersion: v1 kind: Service metadata: labels: task: monitoring #For use as a Cluster add-on (https://github.com/kubernetes/kubernetes/tree/master/cluster/addons) #If you are NOT using this as an addon, you should comment out this line. kubernetes.io/cluster-service: 'true' kubernetes.io/name: monitoring-influxdb name: monitoring-influxdb namespace: kube-system spec: type: NodePort ports: - nodePort: 31001 port: 8086 targetPort: 8086 selector: k8s-app: influxdb所需的Heapster+InfluxDB+Grafana配置文件,請在Kubernetes Dashboard1.8.3部署中的yaml鏈接中下載使用。
#influxdb.yaml文件需更改的地方: (1) image: k8s.gcr.io/heapster-influxdb-amd64:v1.3.3 (換成自己的images) ##說明:這裏我在前文中提供的有images下載鏈接,直接下載使用不用更改! (2)這裏我們使用NotePort暴露monitoring-influxdb服務在主機的31001端口上,那麼InfluxDB服務端的地址:http://[host-ip]:31001 ,記下這個地址,以便創建heapster和爲grafana配置數據源時,可以直接使用。spec: type: NodePort ports: - nodePort: 31001 port: 8086 targetPort: 8086 selector: k8s-app: influxdb - 創建Grafana資源對象
#下載grafana.yaml apiVersion: extensions/v1beta1 kind: Deployment metadata: name: monitoring-grafana namespace: kube-system spec: replicas: 1 template: metadata: labels: task: monitoring k8s-app: grafana spec: containers: - name: grafana image: k8s.gcr.io/heapster-grafana-amd64:v4.4.3 ports: - containerPort: 3000 protocol: TCP volumeMounts: - mountPath: /etc/ssl/certs name: ca-certificates readOnly: true - mountPath: /var name: grafana-storage env: - name: INFLUXDB_HOST value: monitoring-influxdb - name: GF_SERVER_HTTP_PORT value: "3000" #The following env variables are required to make Grafana accessible via #the kubernetes api-server proxy. On production clusters, we recommend #removing these env variables, setup auth for grafana, and expose the grafana #service using a LoadBalancer or a public IP. - name: GF_AUTH_BASIC_ENABLED value: "false" - name: GF_AUTH_ANONYMOUS_ENABLED value: "true" - name: GF_AUTH_ANONYMOUS_ORG_ROLE value: Admin - name: GF_SERVER_ROOT_URL #If you're only using the API Server proxy, set this value instead: #value: /api/v1/namespaces/kube-system/services/monitoring-grafana/proxy value: / volumes: - name: ca-certificates hostPath: path: /etc/ssl/certs - name: grafana-storage emptyDir: {} --- apiVersion: v1 kind: Service metadata: labels: #For use as a Cluster add-on (https://github.com/kubernetes/kubernetes/tree/master/cluster/addons) #If you are NOT using this as an addon, you should comment out this line. kubernetes.io/cluster-service: 'true' kubernetes.io/name: monitoring-grafana name: monitoring-grafana namespace: kube-system spec: #In a production setup, we recommend accessing Grafana through an external Loadbalancer #or through a public IP. #type: LoadBalancer #You could also use NodePort to expose the service at a randomly-generated port #type: NodePort type: NodePort ports: - nodePort: 30108 port: 80 targetPort: 3000 selector: k8s-app: grafana##說明雖然Heapster已經預先配置好了Grafana的Datasource和Dashboard,但是爲了方便訪問,這裏我們使用NotePort暴露monitoring-grafana服務在主機的30108上,那麼Grafana服務端的地址:http://192.168.245.16:30108 ,通過瀏覽器訪問,爲Grafana修改數據源,如下:
![k8s原生的集羣監控方案(Heapster+InfluxDB+Grafana)]()
標紅的地方,爲上一步記錄下的InfluxDB服務端的地址。 - 創建Heapster資源對象
#下載heapster-rbac.yamlkind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: heapster roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: system:heapster subjects: - kind: ServiceAccount name: heapster namespace: kube-system#下載heapster.yamlapiVersion: v1 kind: ServiceAccount metadata: name: heapster namespace: kube-system --- apiVersion: extensions/v1beta1 kind: Deployment metadata: name: heapster namespace: kube-system spec: replicas: 1 template: metadata: labels: task: monitoring k8s-app: heapster spec: serviceAccountName: heapster containers: - name: heapster image: k8s.gcr.io/heapster-amd64:v1.5.3 imagePullPolicy: IfNotPresent command: - /heapster - --source=kubernetes:https://kubernetes.default #- --sink=influxdb:http://monitoring-influxdb.kube-system.svc:8086 - --sink=influxdb:http://192.168.246.167:31001 #influxdb服務端地址 --- apiVersion: v1 kind: Service metadata: labels: task: monitoring #For use as a Cluster add-on (https://github.com/kubernetes/kubernetes/tree/master/cluster/addons) #If you are NOT using this as an addon, you should comment out this line. kubernetes.io/cluster-service: 'true' kubernetes.io/name: Heapster name: heapster namespace: kube-system spec: ports: - port: 80 targetPort: 8082 selector: k8s-app: heapster##說明(1)
--source 爲heapster指定獲取集羣信息的數據源。參考:https://github.com/kubernetes/heapster/blob/master/docs/source-configuration.md
--sink 爲heaster指定後端存儲,這裏我們使用InfluxDB,其他的,請參考:https://github.com/kubernetes/heapster/blob/master/docs/sink-owners.md
(2)heapster-rbac.yaml 文件作用
如沒有heapster-rbac.yaml 將導致權限的問題,heaster默認使用一個令牌(Token)與ApiServer進行認證,通過查看heapster.yml發現 serviceAccountName: heapster ,現在明白了吧,就是heaster沒有權限,那麼如何授權呢-----給heaster綁定一個有權限的角色就行了,即heapster-rbac.yaml配置的那樣! - 通過dashboard查看集羣概況
![k8s原生的集羣監控方案(Heapster+InfluxDB+Grafana)]()
![k8s原生的集羣監控方案(Heapster+InfluxDB+Grafana)]()
- 通過Grafana查看集羣詳情(cpu、memory、filesystem、network)
![k8s原生的集羣監控方案(Heapster+InfluxDB+Grafana)]()
![k8s原生的集羣監控方案(Heapster+InfluxDB+Grafana)]()
