第七章监控kubernetes核心组件kube-apiserver · 如何以优雅的姿势监控kubernetes

# kubernetes 核心组件target监控 ![](https://box.kancloud.cn/32deea9d489ff9d0310d1abebefa9681_960x540.jpg) 修改api-server、kube-controller-manager、kube-scheduler、kubelets、kube-router配置文件监听地址，添加如下选项。使其能访问 metrics。 api-server 添加选项 --insecure-port=8080 --insecure-bind-address=0.0.0.0 kube-controller-manager --bind-address=0.0.0.0 --secure-port=10257 kube-scheduler kubelet 添加endpoint 配置prometheus taget 访问权限 --address=0.0.0.0 --authentication-token-webhook=true --authorization-mode=Webhook kube-router 配置metrics[参考地址](https://github.com/cloudnativelabs/kube-router/blob/master/Documentation/metrics.md) annotations: prometheus.io/scrape: "true" prometheus.io/port: "10258" 添加启动选项 ---master=10.18.19.98:8080 --metrics-port=10258 检查k8s 核心组件监听地址 netstat -tlunp | grep kube tcp 0 0 0.0.0.0:50051 0.0.0.0:* LISTEN 86466/kube-router tcp 0 0 127.0.0.1:10248 0.0.0.0:* LISTEN 108134/kubelet tcp 0 0 0.0.0.0:10250 0.0.0.0:* LISTEN 108134/kubelet tcp 0 0 0.0.0.0:6443 0.0.0.0:* LISTEN 175680/kube-apiserv tcp 0 0 0.0.0.0:10252 0.0.0.0:* LISTEN 168570/kube-control tcp 0 0 0.0.0.0:10255 0.0.0.0:* LISTEN 108134/kubelet tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 175680/kube-apiserv tcp 0 0 0.0.0.0:10258 0.0.0.0:* LISTEN 86466/kube-router tcp 0 0 0.0.0.0:179 0.0.0.0:* LISTEN 86466/kube-router tcp 0 0 0.0.0.0:20244 0.0.0.0:* LISTEN 86466/kube-router tcp 0 0 0.0.0.0:4194 0.0.0.0:* LISTEN 108134/kubelet 访问各个组件 metrics curl http://10.18.19.98:8080/metrics #kube-apiser curl http://10.18.19.98:10251/metrics #kube-schedul curl http://10.18.19.98:10252/metrics #kube-controlle curl http://10.18.19.98:10255/metrics #kubelet curl http://10.18.19.98:10258/metrics #kube-router 创建k8s 组件servermonitor 服务 tree exporter-kube-apiserver/ exporter-kube-controller-manager/ exporter-kube-scheduler/ exporter-kube-router/ exporter-kubelets/ exporter-kube-apiserver/ └── prometheus-k8s-service-monitor-apiserver.yaml exporter-kube-controller-manager/ ├── kube-controller-manager-svc.yaml └── prometheus-k8s-service-monitor-kube-controller-manager.yaml exporter-kube-scheduler/ ├── kube-scheduler-svc.yaml └── prometheus-k8s-service-monitor-kube-scheduler.yaml exporter-kube-router/ ├── kube-router-svc.yaml └── prometheus-k8s-service-monitor-kube-scheduler.yaml exporter-kubelets/ └── prometheus-k8s-service-monitor-kubelet.yaml kubectl apply -f exporter-kube-apiserver/ > 注意 api-server 服务 namespace 在default使用默认svc kubernetes。其余组件服务在kube-system 空间，需要单独创建svc。 prometheus target检查组件状态 ![k8s target metrics](https://box.kancloud.cn/f4809c26f8b56b18edb535044968c6b1_902x1040.png) 查看api-server servicemonitor 资源 kubectl get servicemonitors -n monitoring NAME AGE kube-apiserver 18m kube-controller-manager 18m kube-router 18m kube-scheduler 18m kube-state-metrics 1d kubelet 18m node-exporter 7h prometheus 1d prometheus-operator 1d