使用 Prometheus Operator 监控 Traefik Ingress

文章目录

• 一、Traefik 配置文件设置 Prometheus
• 二、Traefik Service 设置标签
• 1、查看 Traefik Service
• 2、编辑该 Service 设置 Label

欢迎关注我的个人博客,关注最新动态： http://www.mydlq.club

描述：

上次已经配置了 Prometheus Operator 监控 ETCD，这次来配置下，让 Prometheus 监控集群 Ingress。

系统环境：

Prometheus Operator版本： 0.29
Kubernetes 版本： 1.14.0

一、Traefik 配置文件设置 Prometheus

要监控 Traefik 控制器，首先要控制 Traeik 将 Metrics 数据暴露出来，这需要在配置文件中加入下面配置：

[metrics]
[metrics.prometheus]
entryPoint = "traefik"
buckets = [0.1,0.3,1.2,5.0]

安装 Traefik 时候已经将配置文件外挂到 Kubernetes ConfigMap 中，详情可以参考 Kubernetes 部署 Traefik Ingress 一文。

例如，集群中将 Traefik 配置文件挂载到 Kubernetes ConfigMap 中，可以用 “kubectl etid” 命令编辑 Traefik 配置文件，加上 Prometheus 配置，这里提供本人完整配置如下：

$ kubectl edit ConfigMap traefik-config -n kube-system

apiVersion: v1
data:
traefik.toml: |
# traefik.toml
debug = true
InsecureSkipVerify = true
defaultEntryPoints = ["http","https"]
[entryPoints]
[entryPoints.http]
address = ":80"
compress = true
[entryPoints.https]
address = ":443"
compress = true
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
CertFile = "/ssl/tls.crt"
KeyFile = "/ssl/tls.key"
[entryPoints.traefik]
address = ":8080"
[kubernetes]
[traefikLog]
format = "json"
#filePath = "/data/traefik.log"
[accessLog]
#filePath = "/data/access.log"
format = "json"
[accessLog.filters]
retryAttempts = true
minDuration = "10ms"
[accessLog.fields]
defaultMode = "keep"
[accessLog.fields.names]
"ClientUsername" = "drop"
[accessLog.fields.headers]
defaultMode = "keep"
[accessLog.fields.headers.names]
"User-Agent" = "redact"
"Authorization" = "drop"
"Content-Type" = "keep"
[api]
entryPoint = "traefik"
dashboard = true
[metrics]
[metrics.prometheus]
entryPoint = "traefik"
buckets = [0.1,0.3,1.2,5.0]

二、Traefik Service 设置标签

Prometheus Operator 是通过 Label 匹配的，需要提前设置 Service 贴上“k8s-app: traefik-ingress”标签

1、查看 Traefik Service

$ kubectl get service -n kube-system

kube-dns                  ClusterIP   10.10.0.10      <none>        53/UDP,53/TCP,9153/TCP    79d
kubelet                   ClusterIP   None            <none>        10250/T
3ff7
CP                 35d
traefik-ingress-service   ClusterIP   10.10.114.105   <none>        80/TCP,443/TCP,8080/TCP   56d

2、编辑该 Service 设置 Label

编辑 Traefik Service

$ kubectl edit service traefik-ingress-service -n kube-system

设置 Label “k8s-app: traefik-ingress”

apiVersion: v1
kind: Service
metadata:
creationTimestamp: "2019-04-15T05:06:41Z"
name: traefik-ingress-service
namespace: kube-system
resourceVersion: "85575"
selfLink: /api/v1/namespaces/kube-system/services/traefik-ingress-service
uid: 4172b4df-5f3c-11e9-9287-000c29d98697
labels:
k8s-app: traefik-ingress        #---增加标签 “k8s-app: traefik-ingress”
spec:
clusterIP: 10.10.114.105
ports:
- name: http
port: 80
protocol: TCP
targetPort: 80
- name: https
port: 443
protocol: TCP
targetPort: 443
- name: admin      #---Prometheus metrics 数据是通过8080端口暴露的
port: 8080
protocol: TCP
targetPort: 8080
selector:
k8s-app: traefik-ingress-lb
sessionAffinity: None
type: ClusterIP
status:
loadBalancer: {}

三、Prometheus Operator 配置监控规则

配置服务监控资源，用于监控 Traefik 控制器:

traefik-monitor.yaml

apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: traefik-ingress
namespace: monitoring
labels:
k8s-app: traefik-ingress
spec:
jobLabel: k8s-app
endpoints:
- port: admin              #---设置为traefik 8080端口名称 admin
interval: 30s
selector:
matchLabels:
k8s-app: traefik-ingress
namespaceSelector:
matchNames:
- kube-system

创建该Service Monitor

$ kubectl apply -f traefik-monitor.yaml

四、查看 Prometheus 规则

打开 Prometheus UI，查看 Prometheus 规则，可以看到 traefik 数据已经存在。

五、Grafana 引入仪表盘

打开 Grafana，在其中引入编号“4475”的仪表盘

然后就可以看到仪表盘

如果没有数据，请提前通过 Traefik Ingress 访问其配置的域名，刷新出一些数据，然后调整小时间范围。

欢迎关注我的个人博客,关注最新动态： http://www.mydlq.club