Monitoring Master Node Components Using Prometheus
This section describes how to use Prometheus to monitor the kube-apiserver, kube-controller-manager, kube-scheduler, and etcd-server components on the master nodes.
Collecting the Metrics of Master Node Components Using Self-Built Prometheus
This section describes how to collect the metrics of master node components using self-built Prometheus.
Notice
- The cluster version must be v1.19 or later.
- You need to install self-built Prometheus using Helm by referring to Prometheus, and manage it using prometheus-operator by referring to Prometheus Operator.
The Prometheus add-on has reached end of maintenance and does not support this function. Do not use this add-on.
- Use kubectl to connect to the cluster.
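For example, you can run any read-only command first to confirm that kubectl can reach the cluster:
kubectl cluster-info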
- Modify the ClusterRole of Prometheus.
kubectl edit ClusterRole prometheus -n {namespace}
Add the following content under the rules field:
rules:
...
- apiGroups:
  - proxy.exporter.k8s.io
  resources:
  - "*"
  verbs: ["get", "list", "watch"]
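Before continuing, you can optionally confirm that the proxy.exporter.k8s.io API used throughout this section is available, and spot-check the new permissions. The service account name and namespace in the second command are assumptions; replace them with the ones used by your Prometheus installation.
# Should return the discovery document for the proxy API group.
kubectl get --raw /apis/proxy.exporter.k8s.io/v1beta1
# Spot-check RBAC for one of the proxy resources used later in this section.
kubectl auth can-i get kube-controller-proxy.proxy.exporter.k8s.io --as=system:serviceaccount:monitoring:prometheus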
- Create a file named kube-apiserver.yaml and edit it.
vi kube-apiserver.yaml
Example file content:
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  labels:
    app.kubernetes.io/name: apiserver
  name: kube-apiserver
  namespace: monitoring    # Change it to the namespace where Prometheus will be installed.
spec:
  endpoints:
  - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
    interval: 30s
    metricRelabelings:
    - action: keep
      regex: (aggregator_unavailable_apiservice|apiserver_admission_controller_admission_duration_seconds_bucket|apiserver_admission_webhook_admission_duration_seconds_bucket|apiserver_admission_webhook_admission_duration_seconds_count|apiserver_client_certificate_expiration_seconds_bucket|apiserver_client_certificate_expiration_seconds_count|apiserver_current_inflight_requests|apiserver_request_duration_seconds_bucket|apiserver_request_total|go_goroutines|kubernetes_build_info|process_cpu_seconds_total|process_resident_memory_bytes|rest_client_requests_total|workqueue_adds_total|workqueue_depth|workqueue_queue_duration_seconds_bucket|aggregator_unavailable_apiservice_total|rest_client_request_duration_seconds_bucket)
      sourceLabels:
      - __name__
    - action: drop
      regex: apiserver_request_duration_seconds_bucket;(0.15|0.25|0.3|0.35|0.4|0.45|0.6|0.7|0.8|0.9|1.25|1.5|1.75|2.5|3|3.5|4.5|6|7|8|9|15|25|30|50)
      sourceLabels:
      - __name__
      - le
    port: https
    scheme: https
    tlsConfig:
      caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
      serverName: kubernetes
  jobLabel: component
  namespaceSelector:
    matchNames:
    - default
  selector:
    matchLabels:
      component: apiserver
      provider: kubernetes
Create a ServiceMonitor:
kubectl apply -f kube-apiserver.yaml
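The ServiceMonitor selects Services in the default namespace labeled component=apiserver and provider=kubernetes, which in standard clusters matches the built-in kubernetes Service. A quick, optional way to confirm that a Service will be selected:
kubectl get service -n default -l component=apiserver,provider=kubernetes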
- Create a file named kube-controller.yaml and edit it.
vi kube-controller.yaml
Example file content:
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  labels:
    app.kubernetes.io/name: kube-controller
  name: kube-controller-manager
  namespace: monitoring    # Change it to the namespace where Prometheus will be installed.
spec:
  endpoints:
  - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
    interval: 15s
    honorLabels: true
    port: https
    relabelings:
    - regex: (.+)
      replacement: /apis/proxy.exporter.k8s.io/v1beta1/kube-controller-proxy/${1}/metrics
      sourceLabels:
      - __address__
      targetLabel: __metrics_path__
    - regex: (.+)
      replacement: ${1}
      sourceLabels:
      - __address__
      targetLabel: instance
    - replacement: kubernetes.default.svc.cluster.local:443
      targetLabel: __address__
    scheme: https
    tlsConfig:
      caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
  jobLabel: app
  namespaceSelector:
    matchNames:
    - kube-system
  selector:
    matchLabels:
      app: kube-controller-proxy
      version: v1
Create a ServiceMonitor:
kubectl apply -f kube-controller.yaml
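The relabelings above make Prometheus scrape each target through the API server at /apis/proxy.exporter.k8s.io/v1beta1/kube-controller-proxy/<address>/metrics. To spot-check that this path serves metrics, look up an endpoint address of the selected Service and query the path directly. <endpoint-address> is a placeholder; fill in an address (including the port) from the first command's output.
kubectl get endpoints -n kube-system -l app=kube-controller-proxy
kubectl get --raw "/apis/proxy.exporter.k8s.io/v1beta1/kube-controller-proxy/<endpoint-address>/metrics"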
- Create a file named kube-scheduler.yaml and edit it.
vi kube-scheduler.yaml
Example file content:
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  labels:
    app.kubernetes.io/name: kube-scheduler
  name: kube-scheduler
  namespace: monitoring    # Change it to the namespace where Prometheus will be installed.
spec:
  endpoints:
  - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
    interval: 15s
    honorLabels: true
    port: https
    relabelings:
    - regex: (.+)
      replacement: /apis/proxy.exporter.k8s.io/v1beta1/kube-scheduler-proxy/${1}/metrics
      sourceLabels:
      - __address__
      targetLabel: __metrics_path__
    - regex: (.+)
      replacement: ${1}
      sourceLabels:
      - __address__
      targetLabel: instance
    - replacement: kubernetes.default.svc.cluster.local:443
      targetLabel: __address__
    scheme: https
    tlsConfig:
      caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
  jobLabel: app
  namespaceSelector:
    matchNames:
    - kube-system
  selector:
    matchLabels:
      app: kube-scheduler-proxy
      version: v1
Create a ServiceMonitor:
kubectl apply -f kube-scheduler.yaml
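At this point, the kube-apiserver, kube-controller-manager, and kube-scheduler ServiceMonitors should all exist. You can list them, assuming the monitoring namespace used in the examples:
kubectl get servicemonitors -n monitoring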
- Create a file named etcd-server.yaml and edit it.
vi etcd-server.yaml
Example file content:
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  labels:
    app.kubernetes.io/name: etcd-server
  name: etcd-server
  namespace: monitoring    # Change it to the namespace where Prometheus will be installed.
spec:
  endpoints:
  - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
    interval: 15s
    honorLabels: true
    port: https
    relabelings:
    - regex: (.+)
      replacement: /apis/proxy.exporter.k8s.io/v1beta1/etcd-server-proxy/${1}/metrics
      sourceLabels:
      - __address__
      targetLabel: __metrics_path__
    - regex: (.+)
      replacement: ${1}
      sourceLabels:
      - __address__
      targetLabel: instance
    - replacement: kubernetes.default.svc.cluster.local:443
      targetLabel: __address__
    scheme: https
    tlsConfig:
      caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
  jobLabel: app
  namespaceSelector:
    matchNames:
    - kube-system
  selector:
    matchLabels:
      app: etcd-server-proxy
      version: v1
Create a ServiceMonitor:
kubectl apply -f etcd-server.yaml
- Access Prometheus and choose Status > Targets.
The preceding master node components are displayed.
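As a final check, you can run a query in the Prometheus expression browser. The metric below is one of those kept by the kube-apiserver ServiceMonitor in this section; a non-empty result confirms that collection is working:
sum(rate(apiserver_request_total[5m]))
Querying up should likewise show one series per target above, each with the value 1 for a successful scrape.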