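Customizing kube-prometheus: adding a new namespace to Prometheus monitoring

A stock kube-prometheus installation only monitors three namespaces: default, kube-system and monitoring (the namespace kube-prometheus creates for itself). To add other namespaces, you need to customize kube-prometheus.

Customization steps

The automation script is as follows: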

# All operations are performed as the root account
# Install golang and set the environment variables
dnf install -y git
curl -O https://dl.google.com/go/go1.15.2.linux-amd64.tar.gz
tar -xf go1.15.2.linux-amd64.tar.gz
mv go /usr/local
echo 'export PATH=$PATH:/usr/local/go/bin' >> ~/.bashrc
echo 'export PATH=$PATH:/root/go/bin' >> ~/.bashrc
echo 'export GOPATH=/root/go' >> ~/.bashrc
echo 'export GO111MODULE=on' >> ~/.bashrc
source ~/.bashrc
# Install the jsonnet and jb tools, which are needed to customize kube-prometheus
# Install jsonnet-bundler (jb)
go get github.com/jsonnet-bundler/jsonnet-bundler/cmd/jb
# Install jsonnet
go get github.com/google/go-jsonnet/cmd/jsonnet
# Clone kube-prometheus
git clone https://github.com/prometheus-operator/kube-prometheus.git
mkdir my-kube-prometheus
# Make a copy of the cloned code, because the customized build does not generate the CRDs but does delete all files under manifests
cp -r kube-prometheus/* my-kube-prometheus
cd my-kube-prometheus
# Install the required jsonnet dependency libraries
jb install github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus
jb update
# Write the customization file (the heredoc delimiter is quoted so the shell does not expand anything in it)
cat > add-namespace.yaml << 'EOF'
local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + {
  _config+:: {
    namespace: 'monitoring',

    prometheus+:: {
      namespaces+: ['default', 'kube-system','monitoring','rook-ceph'],
    },
  },
};

{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }
EOF

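If, in addition to adding the namespace, you also need to add the corresponding ServiceMonitor, see here.

Generate the customized kube-prometheus

./build.sh add-namespace.yaml
You will then see output like the following (this run was captured with the file named add-namespace.jsonnet):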

[root@k8smaster my-kube-prometheus]# ./build.sh add-namespace.jsonnet 
+ set -o pipefail
++ pwd
+ PATH=/root/my-kube-prometheus/tmp/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin:/usr/local/go/bin:/usr/local/go/bin:/usr/local/go/bin:/usr/local/go/bin:/root/go/bin
+ rm -rf manifests
+ mkdir -p manifests/setup
+ jsonnet -J vendor -m manifests add-namespace.jsonnet
+ xargs '-I{}' sh -c 'cat {} | gojsontoyaml > {}.yaml' -- '{}'
+ find manifests -type f '!' -name '*.yaml' -delete
+ rm -f kustomization

Finally, a comparison of the generated files shows that only the following two have changed:

  • prometheus-roleSpecificNamespaces.yaml
  • prometheus-roleBindingSpecificNamespaces.yaml

The changes are as follows.
prometheus-roleBindingSpecificNamespaces.yaml

- apiVersion: rbac.authorization.k8s.io/v1
  kind: RoleBinding
  metadata:
    name: prometheus-k8s
    namespace: default
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: Role
    name: prometheus-k8s
  subjects:
  - kind: ServiceAccount
    name: prometheus-k8s
    namespace: monitoring
- apiVersion: rbac.authorization.k8s.io/v1
  kind: RoleBinding
  metadata:
    name: prometheus-k8s
    namespace: kube-system
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: Role
    name: prometheus-k8s
  subjects:
  - kind: ServiceAccount
    name: prometheus-k8s
    namespace: monitoring
- apiVersion: rbac.authorization.k8s.io/v1
  kind: RoleBinding
  metadata:
    name: prometheus-k8s
    namespace: monitoring
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: Role
    name: prometheus-k8s
  subjects:
  - kind: ServiceAccount
    name: prometheus-k8s
    namespace: monitoring
- apiVersion: rbac.authorization.k8s.io/v1
  kind: RoleBinding
  metadata:
    name: prometheus-k8s
    namespace: rook-ceph
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: Role
    name: prometheus-k8s
  subjects:
  - kind: ServiceAccount
    name: prometheus-k8s
    namespace: monitoring

prometheus-roleSpecificNamespaces.yaml

- apiVersion: rbac.authorization.k8s.io/v1
  kind: Role
  metadata:
    name: prometheus-k8s
    namespace: default
  rules:
  - apiGroups:
    - ""
    resources:
    - services
    - endpoints
    - pods
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - extensions
    resources:
    - ingresses
    verbs:
    - get
    - list
    - watch
- apiVersion: rbac.authorization.k8s.io/v1
  kind: Role
  metadata:
    name: prometheus-k8s
    namespace: kube-system
  rules:
  - apiGroups:
    - ""
    resources:
    - services
    - endpoints
    - pods
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - extensions
    resources:
    - ingresses
    verbs:
    - get
    - list
    - watch
- apiVersion: rbac.authorization.k8s.io/v1
  kind: Role
  metadata:
    name: prometheus-k8s
    namespace: monitoring
  rules:
  - apiGroups:
    - ""
    resources:
    - services
    - endpoints
    - pods
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - extensions
    resources:
    - ingresses
    verbs:
    - get
    - list
    - watch
- apiVersion: rbac.authorization.k8s.io/v1
  kind: Role
  metadata:
    name: prometheus-k8s
    namespace: rook-ceph
  rules:
  - apiGroups:
    - ""
    resources:
    - services
    - endpoints
    - pods
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - extensions
    resources:
    - ingresses
    verbs:
    - get
    - list
    - watch
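
Every namespace added to the list gives the prometheus-k8s ServiceAccount read access to services, endpoints, pods and ingresses there, so the generated RBAC is worth checking before it is applied. The following is an added example, not part of the original post: it audits the Role and RoleBinding lists against the intended namespace list. It assumes both files have been parsed into dicts with an `items` list; `audit_rbac`, `sample_role` and `sample_binding` are hypothetical names, and the sample data is constructed to mirror the manifests above.

```python
READ_ONLY = {"get", "list", "watch"}
# The subject shown in prometheus-roleBindingSpecificNamespaces.yaml.
EXPECTED_SUBJECT = ("ServiceAccount", "prometheus-k8s", "monitoring")

def audit_rbac(roles, bindings, wanted_namespaces):
    """Return sorted findings; an empty list means the RBAC matches the intent."""
    findings = []
    role_ns = {}  # namespace -> Role name
    for role in roles["items"]:
        ns = role["metadata"]["namespace"]
        role_ns[ns] = role["metadata"]["name"]
        for rule in role.get("rules", []):
            extra = set(rule.get("verbs", [])) - READ_ONLY
            if extra:
                findings.append(f"{ns}: Role grants non-read verbs {sorted(extra)}")
    bound = set()
    for rb in bindings["items"]:
        ns, ref = rb["metadata"]["namespace"], rb["roleRef"]
        if ref["kind"] != "Role" or role_ns.get(ns) != ref["name"]:
            findings.append(f"{ns}: RoleBinding points at {ref['kind']}/{ref['name']}, not the audited Role")
        for s in rb.get("subjects", []):
            if (s["kind"], s["name"], s.get("namespace")) != EXPECTED_SUBJECT:
                findings.append(f"{ns}: unexpected subject {s['kind']}/{s.get('namespace')}/{s['name']}")
        bound.add(ns)
    wanted, covered = set(wanted_namespaces), bound & set(role_ns)
    findings += [f"{ns}: in the namespaces list but lacks Role or RoleBinding" for ns in wanted - covered]
    findings += [f"{ns}: has Prometheus RBAC but is not in the namespaces list"
                 for ns in (bound | set(role_ns)) - wanted]
    return sorted(findings)

# Constructed sample data mirroring the manifests above (not read from a cluster).
def sample_role(ns, verbs=("get", "list", "watch")):
    return {"kind": "Role", "metadata": {"name": "prometheus-k8s", "namespace": ns},
            "rules": [{"apiGroups": [""], "resources": ["services", "endpoints", "pods"],
                       "verbs": list(verbs)}]}

def sample_binding(ns, sa_namespace="monitoring"):
    return {"kind": "RoleBinding", "metadata": {"name": "prometheus-k8s", "namespace": ns},
            "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "Role", "name": "prometheus-k8s"},
            "subjects": [{"kind": "ServiceAccount", "name": "prometheus-k8s", "namespace": sa_namespace}]}

NAMESPACES = ["default", "kube-system", "monitoring", "rook-ceph"]

if __name__ == "__main__":
    roles = {"items": [sample_role(ns) for ns in NAMESPACES]}
    bindings = {"items": [sample_binding(ns) for ns in NAMESPACES]}
    print(audit_rbac(roles, bindings, NAMESPACES) or "RBAC matches the namespaces list")
```

An empty result means each listed namespace has exactly the read-only Role and the binding to the monitoring ServiceAccount, and no namespace outside the list has been opened to Prometheus.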