采集指定虚拟节点的Metrics

为了采集指定虚拟节点的Metrics数据,ACK在保留原有采集端点<nodeIP>:10250/metrics/cadvisor的基础上,额外提供指定虚拟节点名称的端点<nodeIP>:10250/metrics/cadvisor?nodeName=<nodeName>。您可以通过修改Prometheus监控配置来采集指定虚拟节点的Metrics。

功能介绍

在虚拟节点的架构设计下,同一集群内的多个虚拟节点会共享同一个Node IP。这导致在采集单个虚拟节点的数据时,会返回所有虚拟节点的全量数据。而Prometheus的常见采集配置会通过Kubelet Service来采集所有节点的Metrics。因此,在集群内存在多个虚拟节点的情况下,会出现Metrics重复的现象。

为了解决这个问题,ACK提供了采集指定虚拟节点的Metrics数据的能力。除了保留原有的采集端点<nodeIP>:10250/metrics/cadvisor外,还额外提供指定虚拟节点名称的端点<nodeIP>:10250/metrics/cadvisor?nodeName=<nodeName> 。指定虚拟节点名称后,虚拟节点仅返回对应虚拟节点管理的所有Pod的监控数据,

前提条件

已安装ACK Virtual Node组件,且组件版本为v2.11.0及以上,请参见ACK Virtual Node

修改Prometheus监控配置

您可以通过修改Prometheus监控配置来采集指定虚拟节点的Metrics。本小节介绍阿里云可观测监控 Prometheus 版、社区版Prometheus Operator方案(社区Prometheus Operator方案容器服务 Kubernetes 版的应用市场ack-prometheus-operator)和开源Prometheus三种场景下的配置方式。

阿里云可观测监控 Prometheus 版

默认支持,无需额外操作。

社区版Prometheus Operator

如果您使用的Prometheus方案为社区Prometheus Operator方案,以及容器服务 Kubernetes 版应用市场ack-prometheus-operator,需要增加以下ServiceMonitor CR配置。

apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: virutal-kubelet
  namespace: monitoring
  labels:
    k8s-app: kubelet
    # 增加该label用于prometheus-operator自动管理。
    release: prometheus-operator
spec:
  jobLabel: k8s-app
  selector:
    matchLabels:
      k8s-app: kubelet
  namespaceSelector:
    matchNames:
    - kube-system
  endpoints:
  - port: https-metrics
    interval: 15s
    scheme: https
    path: /metrics/cadvisor
    bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
    tlsConfig:
      caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
      insecureSkipVerify: true
    relabelings:
    # 只保留Virtual Node的端点。
    - sourceLabels: [__meta_kubernetes_endpoint_address_target_name]
      regex: (^virtual-kubelet.*)
      action: keep
    # 增加指定nodeName的查询参数。
    - sourceLabels: [__meta_kubernetes_endpoint_address_target_name]
      regex: (^virtual-kubelet.*)
      targetLabel: __param_nodeName
      replacement: ${1}
      action: replace

如果集群中已经配置了基于kubelet service的服务发现来收集cAdvisor的Metrics,您需要增加以下配置来移除对<Virtual Node IP>:10250/metrics/cadvisor的采集配置,避免重复采集数据。

apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
...
spec:
  endpoints:
  - path: /metrics/cadvisor
    port: https-metrics
    ...
    relabelings:
    # 这个relabeling规则使得所有Target名称以virtual-kubelet开头的endpoints被丢弃.
    - action: drop
      regex: (^virtual-kubelet.*)
      sourceLabels:
      - __meta_kubernetes_endpoint_address_target_name

开源Prometheus

在开源Prometheus中找到Prometheus的配置文件,通常位于/etc/prometheus/prometheus.yml或者您自定义的配置目录下,增加以下采集配置。

scrape_configs:

...其他job配置。

- job_name: monitoring/virutal-kubelet/0
  honor_timestamps: true
  scrape_interval: 15s
  scrape_timeout: 10s
  metrics_path: /metrics/cadvisor
  scheme: https
  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
  tls_config:
    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
    insecure_skip_verify: true
  relabel_configs:
  - source_labels: [__meta_kubernetes_service_label_k8s_app]
    separator: ;
    regex: kubelet
    replacement: $1
    action: keep
  - source_labels: [__meta_kubernetes_endpoint_port_name]
    separator: ;
    regex: https-metrics
    replacement: $1
    action: keep
  - source_labels: [__meta_kubernetes_endpoint_address_target_kind, __meta_kubernetes_endpoint_address_target_name]
    separator: ;
    regex: Node;(.*)
    target_label: node
    replacement: ${1}
    action: replace
  - source_labels: [__meta_kubernetes_endpoint_address_target_kind, __meta_kubernetes_endpoint_address_target_name]
    separator: ;
    regex: Pod;(.*)
    target_label: pod
    replacement: ${1}
    action: replace
  - source_labels: [__meta_kubernetes_namespace]
    separator: ;
    regex: (.*)
    target_label: namespace
    replacement: $1
    action: replace
  - source_labels: [__meta_kubernetes_service_name]
    separator: ;
    regex: (.*)
    target_label: service
    replacement: $1
    action: replace
  - source_labels: [__meta_kubernetes_pod_name]
    separator: ;
    regex: (.*)
    target_label: pod
    replacement: $1
    action: replace
  - source_labels: [__meta_kubernetes_pod_container_name]
    separator: ;
    regex: (.*)
    target_label: container
    replacement: $1
    action: replace
  - source_labels: [__meta_kubernetes_service_name]
    separator: ;
    regex: (.*)
    target_label: job
    replacement: ${1}
    action: replace
  - source_labels: [__meta_kubernetes_service_label_k8s_app]
    separator: ;
    regex: (.+)
    target_label: job
    replacement: ${1}
    action: replace
  - separator: ;
    regex: (.*)
    target_label: endpoint
    replacement: https-metrics
    action: replace
  - source_labels: [__meta_kubernetes_endpoint_address_target_name]
    separator: ;
    regex: (^virtual-kubelet.*)
    replacement: $1
    action: keep
  - source_labels: [__meta_kubernetes_endpoint_address_target_name]
    separator: ;
    regex: (^virtual-kubelet.*)
    target_label: __param_nodeName
    replacement: ${1}
    action: replace
  kubernetes_sd_configs:
  - role: endpoints
    namespaces:
      names:
      - kube-system

如果集群中已经配置了基于kubelet service的服务发现来收集cAdvisor的Metrics,您需要增加以下配置来移除对<Virtual Node IP>:10250/metrics/cadvisor的采集配置,避免重复采集数据。

scrape_configs:

...其他job配置。

- job_name: monitoring/ack-prometheus-operator-kubelet/0
  honor_labels: true
  honor_timestamps: true
  ...
  relabel_configs:
  ...
  // 移除对虚拟节点的/metrics/cadviso端点的采集。
  - source_labels: [__meta_kubernetes_endpoint_address_target_name]
    separator: ;
    regex: (^virtual-kubelet.*)
    replacement: $1
    action: drop