使用Terraform管理Prometheus实例的Remote Write

Terraform支持管理Prometheus集成中心组件和Remote Write资源。本文介绍如何通过Terraform管理Remote Write配置。

前提条件

  • 已创建Prometheus for容器服务或for ECS实例。具体操作,请参见使用Terraform管理Prometheus实例
  • 安装Terraform。
    说明 请确认Terraform版本不低于v0.12.28,可通过terraform --version命令查看Terraform版本。
    • Cloud Shell默认安装配置了Terraform和阿里云账号信息,您无需执行任何额外配置。
    • 如果您不使用Cloud Shell,关于安装Terraform的具体操作,请参见在本地安装和配置Terraform
  • 配置阿里云账号信息。有以下两种方式:
    说明 为提高权限管理的灵活性和安全性,建议您创建名为Terraform的RAM用户,并为该RAM用户创建AccessKey和授权。具体操作,请参见创建RAM用户为RAM用户授权
    • 方式一:创建环境变量,用于存放身份认证信息。
      export ALICLOUD_ACCESS_KEY="************"
      export ALICLOUD_SECRET_KEY="************"
      export ALICLOUD_REGION="cn-beijing"
      说明 其中,export ALICLOUD_REGION参数的值需要您根据实际情况进行替换。
    • 方式二:通过在配置文件的Provider代码块中指定身份认证信息。
      provider "alicloud" {
        access_key = "************"
        secret_key = "************"
        region     = "cn-beijing"
      }
      说明 其中,export ALICLOUD_REGION参数的值需要您根据实际情况进行替换。

增加Prometheus实例的Remote Write

  1. 创建一个工作目录,并在工作目录中创建名为main.tf的配置文件。
    provider "alicloud" {
    }
  2. 执行以下命令,初始化Terraform运行环境。
    terraform init
    预期输出:
    Initializing the backend...
    
    Initializing provider plugins...
    - Checking for available provider plugins...
    - Downloading plugin for provider "alicloud" (hashicorp/alicloud) 1.90.1...
    ...
    
    You may now begin working with Terraform. Try running "terraform plan" to see
    any changes that are required for your infrastructure. All Terraform commands
    should now work.
    
    If you ever set or change modules or backend configuration for Terraform,
    rerun this command to reinitialize your working directory. If you forget, other
    commands will detect it and remind you to do so if necessary.
  3. 导入Remote Write资源。
    1. 将Remote Write资源添加到main.tf文件中。
      # Prometheus实例的Remote Write配置。
      resource "alicloud_arms_remote_write" "myRemoteWrite1" {
          cluster_id       = "c77e1106f429e4b46b0ee1720c*****"   #Prometheus实例Id
        remote_write_yaml = <<-EOT
                  remote_write:
                  - name: ArmsRemoteWrite1
                    url: http://47.96.XX.XX:8080/prometheus/xxx/yyy/cn-hangzhou/api/v3/write
                    basic_auth: {username: 666, password: '******'}
                    write_relabel_configs:
                    - source_labels: [instance_id]
                      separator: ;
                      regex: si-6e2ca86444db4e5*****
                      replacement: $1
                      action: keep
              EOT
    2. 执行以下命令,生成资源规划。
      terraform plan
      预期输出:
      Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
        + create
      
      Terraform will perform the following actions:
      
        # alicloud_arms_remote_write.ack-rw1 will be created
        + resource "alicloud_arms_remote_write" "ack-rw1" {
            + cluster_id        = "c77e1106f429e4b46b0ee1720c*****"
            + id                = (known after apply)
            + remote_write_name = (known after apply)
            + remote_write_yaml = <<-EOT
                  remote_write:
                  - name: ArmsRemoteWrite1
                    url: http://xx.xx.xx.xx:8080/prometheus/xxx/yyy/cn-hangzhou/api/v3/write
                    basic_auth: {username: 666, password: '******'}
                    write_relabel_configs:
                    - source_labels: [instance_id]
                      separator: ;
                      regex: si-6e2ca86444db4e5*****
                      replacement: $1
                      action: keep
              EOT
          }
      
      Plan: 1 to add, 0 to change, 0 to destroy.
    3. 执行以下命令,创建Remote Write。
      terraform apply
      预期输出:
      Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
        + create
      
      Terraform will perform the following actions:
      
        # alicloud_arms_remote_write.ack-rw1 will be created
        + resource "alicloud_arms_remote_write" "ack-rw1" {
            + cluster_id        = "c77e1106f429e4b46b0ee1720c9*****"
            + id                = (known after apply)
            + remote_write_name = (known after apply)
            + remote_write_yaml = <<-EOT
                  remote_write:
                  - name: ArmsRemoteWrite1
                    url: http://xx.xx.xx.xx:8080/prometheus/xxx/yyy/cn-hangzhou/api/v3/write
                    basic_auth: {username: 666, password: '******'}
                    write_relabel_configs:
                    - source_labels: [instance_id]
                      separator: ;
                      regex: si-6e2ca86444db4e5*****
                      replacement: $1
                      action: keep
              EOT
          }
      
      Plan: 1 to add, 0 to change, 0 to destroy.
      
      Do you want to perform these actions?
        Terraform will perform the actions described above.
        Only 'yes' will be accepted to approve.
      
        Enter a value: yes

      若输出结果出现yes,表示当前Prometheus实例的Remote Write配置创建成功。

结果验证

您可以登录可观测监控 Prometheus 版控制台,然后在Prometheus实例的集成中心页面,查看已成功创建的Remote Write配置。具体操作如下:

  1. 登录Prometheus控制台

  2. 在左侧导航栏单击实例列表,进入可观测监控 Prometheus 版的实例列表页面。

  3. 单击目标Prometheus实例名称,进入集成中心页面。
  4. 单击已安装区域的自定义组件卡片,然后在弹出的面板中单击Remote Write页签,查看已成功创建的RemoteWrite配置。
    fr

删除Prometheus实例Remote Write

操作步骤

您可以执行以下命令删除通过Terraform创建的集群。
terraform destroy

预期输出

...
Do you really want to destroy all resources?
  Terraform will destroy all your managed infrastructure, as shown above.
  There is no undo. Only 'yes' will be accepted to confirm.

  Enter a value: yes
...
Destroy complete! Resources: 1 destroyed.

结果验证

您可以登录可观测监控 Prometheus 版控制台,然后在Prometheus实例的集成中心页面,查看Remote Write配置已被成功删除。

  1. 登录Prometheus控制台

  2. 在左侧导航栏单击实例列表,进入可观测监控 Prometheus 版的实例列表页面。

  3. 单击目标Prometheus实例名称,进入集成中心页面。
  4. 单击已安装区域的目标组件卡片,然后在弹出的面板中单击Remote Write页签,您可以看到已不存在目标Remote Write配置信息,表示该Remote Write配置已被成功删除。