创建monitor-sa 工作空间
[root@k8smaster1 prometheus]# cat monitor-sa.json
{
"apiVersion": "v1",
"kind": "Namespace",
"metadata":{
"name": "monitor-sa",
"labels":{
"name": "dev"
}
}
}
[root@k8smaster1 prometheus]# kubectl apply -f monitor-sa.json
namespace/monitor-sa created
[root@k8smaster1 prometheus]# kubectl get namespace monitor-sa
NAME STATUS AGE
monitor-sa Active 105s
You have new mail in /var/spool/mail/root
[root@k8smaster1 prometheus]# kubectl get namespace monitor-sa --show-labels
NAME STATUS AGE LABELS
monitor-sa Active 2m1s kubernetes.io/metadata.name=monitor-sa,name=dev
[root@k8smaster1 prometheus]#
导入node-exporter镜像
[root@k8smaster1 prometheus]# ctr -n k8s.io images import node-exporter.tar.gz
unpacking docker.io/prom/node-exporter:v0.16.0 (sha256:efc8140e40b5c940d67056cb56d720ed66965eabe03865ab1595705f4f847009)...done
[root@k8smaster1 prometheus]# crictl images list
IMAGE TAG IMAGE ID SIZE
docker.io/calico/cni v3.18.0 727de170e4ce9 131MB
docker.io/calico/kube-controllers v3.18.0 9a154323fbf74 53.4MB
docker.io/calico/node v3.18.0 5a7c4970fbc29 177MB
docker.io/calico/pod2daemon-flexvol v3.18.0 2a22066e9588d 21.8MB
docker.io/library/busybox 1.28 8c811b4aec35f 1.36MB
docker.io/library/tomcat 8.5-jre8-alpine 8b8b1eb786b54 110MB
docker.io/prom/node-exporter v0.16.0 188af75e2de02 24.3MB
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-webhook-certgen v1.1.1 c41e9fcadf5a2 49.1MB
registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller v1.1.0 ae1a7201ec954 289MB
You have new mail in /var/spool/mail/root
[root@k8smaster1 prometheus]#
编写Yaml
[root@k8smaster1 prometheus]# cat node-exporter.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: node-exporter
namespace: monitor-sa
labels:
name: node-exporter
spec:
selector:
matchLabels:
name: node-exporter
template:
metadata:
labels:
name: node-exporter
spec:
hostPID: true
hostIPC: true
hostNetwork: true
containers:
- name: node-exporter
image: docker.io/prom/node-exporter:v0.16.0
imagePullPolicy: IfNotPresent
ports:
- name: node-exporter
containerPort: 9100
resources:
requests:
cpu: 0.15
securityContext:
privileged: true
args:
- --path.procfs
- /host/proc
- --path.sysfs
- /host/sys
- --collector.filesystem.ignored-mount-points
- '"^/(sys|proc|dev|host|etc)($|/)"'
volumeMounts:
- name: proc
mountPath: /host/proc
- name: dev
mountPath: /host/dev
- name: sys
mountPath: /host/sys
- name: rootfs
mountPath: /host/rootfs
tolerations:
- key: "node-role.kubernetes.io/control-plane"
operator: "Exists"
effect: "NoSchedule"
volumes:
- name: proc
hostPath:
path: /proc
- name: dev
hostPath:
path: /dev
- name: sys
hostPath:
path: /sys
- name: rootfs
hostPath:
path: /
测试采集结果
[root@k8smaster1 prometheus]# curl 192.168.1.172:9100/metrics | grep node_cpu_seconds
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0# HELP node_cpu_seconds_total Seconds the cpus spent in each mode.
# TYPE node_cpu_seconds_total counter
node_cpu_seconds_total{cpu="0",mode="idle"} 113080.5
node_cpu_seconds_total{cpu="0",mode="iowait"} 20.36
node_cpu_seconds_total{cpu="0",mode="irq"} 0
node_cpu_seconds_total{cpu="0",mode="nice"} 0
node_cpu_seconds_total{cpu="0",mode="softirq"} 52.86
node_cpu_seconds_total{cpu="0",mode="steal"} 0
node_cpu_seconds_total{cpu="0",mode="system"} 1400.28
node_cpu_seconds_total{cpu="0",mode="user"} 1149.44
node_cpu_seconds_total{cpu="1",mode="idle"} 112795.63
node_cpu_seconds_total{cpu="1",mode="iowait"} 25.86
node_cpu_seconds_total{cpu="1",mode="irq"} 0
node_cpu_seconds_total{cpu="1",mode="nice"} 0.11
node_cpu_seconds_total{cpu="1",mode="softirq"} 34
node_cpu_seconds_total{cpu="1",mode="steal"} 0
top 然后输入1,比对CPU
[root@k8smaster1 prometheus]# top
top - 19:44:24 up 1 day, 8:18, 2 users, load average: 0.02, 0.08, 0.13
Tasks: 224 total, 1 running, 223 sleeping, 0 stopped, 0 zombie
%Cpu0 : 1.3 us, 1.3 sy, 0.0 ni, 97.0 id, 0.0 wa, 0.0 hi, 0.3 si, 0.0 st
%Cpu1 : 1.3 us, 1.0 sy, 0.0 ni, 97.0 id, 0.3 wa, 0.0 hi, 0.3 si, 0.0 st
%Cpu2 : 1.7 us, 1.4 sy, 0.0 ni, 97.0 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
%Cpu3 : 1.7 us, 1.3 sy, 0.0 ni, 97.0 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
安装Prometheus
创建sa
[root@k8smaster1 prometheus]# kubectl create serviceaccount monitor -n monitor-sa
serviceaccount/monitor created
[root@k8smaster1 prometheus]# kubectl get sa -n monitor-sa
NAME SECRETS AGE
default 0 3h36m
monitor 0 17s
[root@k8smaster1 prometheus]#
绑定sa 到 cluster-admin
[root@k8smaster1 prometheus]# kubectl create clusterrolebinding monitor-clusterrolebinding -n monitor-sa --clusterrole=cluster-admin --serviceaccount=monitor-sa:monitor
clusterrolebinding.rbac.authorization.k8s.io/monitor-clusterrolebinding created
查看创建结果
[root@k8smaster1 prometheus]# kubectl get clusterrole cluster-admin -o yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
creationTimestamp: "2023-06-28T06:07:01Z"
labels:
kubernetes.io/bootstrapping: rbac-defaults
name: cluster-admin
resourceVersion: "112"
uid: c63bac2e-44d1-4fdc-92c0-bfcd3d87761b
rules:
- apiGroups:
- '*'
resources:
- '*'
verbs:
- '*'
- nonResourceURLs:
- '*'
verbs:
- '*'
[root@k8smaster1 prometheus]# kubectl get clusterrole -n monitor-sa | grep monitor
system:monitoring 2023-06-28T06:07:01Z
[root@k8smaster1 prometheus]#
授权user用户,绑定到cluster-admin
[root@k8smaster1 prometheus]# kubectl create clusterrolebinding monitor-clusterrolebinding1 -n monitor-sa --clusterrole=cluster-admin --user=system:serviceaccount:monitor:monitor-sa
clusterrolebinding.rbac.authorization.k8s.io/monitor-clusterrolebinding1 created
You have new mail in /var/spool/mail/root
[root@k8smaster1 prometheus]#
