Trying out Thanos Operator
Summary:
I used Thanos Operator to build a system for monitoring a k8s environment.
Environment
Kubernetes: 1.16.10-gke.8
Helm:
version.BuildInfo{Version:"v3.2.4", GitCommit:"0ad800ef43d3b826f31a5ad8dfbb4fe05d143688", GitTreeState:"clean", GoVersion:"go1.13.12"}
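What is Thanos?
See the official website.
What is Thanos Operator?
It is a project that aims to make building and operating Thanos components simpler and safer. Banzai Cloud developed and published the Thanos Helm chart.
Building the environment
Prometheus plus the Thanos sidecar will be built with Prometheus Operator.
There are several ways to set up Prometheus Operator and the exporters around k8s.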
-
- kube-prometheus
- Prometheus Operator helm chart
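Each of them is aimed at managing the components used to monitor k8s. This time I use the Prometheus Operator helm chart.
Preparing the cluster
Details omitted. GKE is used.
Create a namespace for monitoring.
kubectl create namespace monitor
Deploying Thanos
Create the GCS bucket in which Thanos persists metrics.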
gsutil mb -c multi_regional -l Asia gs://${PROJECT_ID}-thanos
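Create a service account for Thanos and download its key. The two roles below are granted at the project level, so they apply to every bucket in the project.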
export SERVICE_ACCOUNT_JSON_THANOS="serviceaccount-key-thanos.json"
gcloud iam service-accounts create thanos --display-name "Thanos"
export SERVICE_ACCOUNT_ID_THANOS=thanos@${PROJECT_ID}.iam.gserviceaccount.com
gcloud projects add-iam-policy-binding ${PROJECT_ID} \
--member serviceAccount:${SERVICE_ACCOUNT_ID_THANOS} \
--role 'roles/storage.objectCreator'
gcloud projects add-iam-policy-binding ${PROJECT_ID} \
--member serviceAccount:${SERVICE_ACCOUNT_ID_THANOS} \
--role 'roles/storage.objectViewer'
gcloud iam service-accounts keys create ${SERVICE_ACCOUNT_JSON_THANOS} --iam-account=${SERVICE_ACCOUNT_ID_THANOS}
Prepare a Secret file containing the bucket and the service account key.
type: GCS
config:
  bucket: "XXXX-thanos"
  service_account: |-
    {
      "type": "service_account",
      "project_id": "XXXX",
      "private_key_id": "XXX",
      "private_key": "-----BEGIN PRIVATE KEY-----\nXXX\n-----END PRIVATE KEY-----\n",
      "client_email": "thanos@XXXX.iam.gserviceaccount.com",
      "client_id": "XXXX",
      "auth_uri": "https://accounts.google.com/o/oauth2/auth",
      "token_uri": "https://oauth2.googleapis.com/token",
      "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
      "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/thanos@XXXX.iam.gserviceaccount.com"
    }
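One way to generate that file from the downloaded key instead of pasting the JSON by hand, as an added example that is not part of the original post; the function name render_objstore and its arguments are assumptions. It refuses a key file that group or others can access and writes the output owner-only, because the file embeds the private key.

```shell
#!/bin/sh
# Added example: build the Thanos object-store config from a downloaded
# service-account key. render_objstore and its arguments are assumptions.

render_objstore() {
    # $1 = bucket name, $2 = service-account key JSON, $3 = output YAML path
    bucket=$1 key=$2 out=$3

    [ -r "$key" ] || { echo "cannot read key file: $key" >&2; return 1; }

    # Characters 5-10 of `ls -l` are the group/other permission bits;
    # refuse a private key that anyone but the owner can access.
    perms=$(ls -ln "$key" | cut -c5-10)
    [ "$perms" = "------" ] || {
        echo "refusing $key: accessible to group/others (chmod 600 it)" >&2
        return 1
    }

    # Catch the wrong file being passed (for example a user credential).
    grep -q '"type": *"service_account"' "$key" || {
        echo "refusing $key: not a service-account key" >&2
        return 1
    }

    rm -f "$out"        # an existing file would keep its old, looser mode
    (
        umask 077       # the output embeds the private key: owner-only
        {
            printf 'type: GCS\n'
            printf 'config:\n'
            printf '  bucket: "%s"\n' "$bucket"
            printf '  service_account: |-\n'
            sed 's/^/    /' "$key"   # indent the JSON under the block scalar
        } > "$out"
    )
}

# Usage with the names from the post:
#   render_objstore "${PROJECT_ID}-thanos" "$SERVICE_ACCOUNT_JSON_THANOS" \
#       ./kube/monitor/thanos/objectstore-secret.yaml
```

Once the Secret exists in the cluster, the rendered file and the downloaded key are no longer needed on the workstation.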
Create the Secret
kubectl create secret generic thanos -n monitor --from-file=object-store.yaml=./kube/monitor/thanos/objectstore-secret.yaml
Deploying Thanos Operator
helm install thanos-operator --namespace monitor banzaicloud-stable/thanos-operator --set manageCrds=false
Deploying the Thanos cluster
kubectl apply -n monitor -f ./kube/monitor/thanos/thanos.yaml
kubectl apply -n monitor -f ./kube/monitor/thanos/objectstore.yaml
kubectl apply -n monitor -f ./kube/monitor/thanos/storeendpoint.yaml
Deploying Prometheus
Add the Thanos sidecar to Prometheus.
prometheus:
  prometheusSpec:
    thanos:
      image: quay.io/thanos/thanos:v0.12.2
      version: v0.12.2
      objectStorageConfig:
        name: thanos
        key: object-store.yaml
helm install prometheus-operator -n monitor stable/prometheus-operator -f ./kube/monitor/prometheus-operator/values.yaml
Confirm that everything is up
NAME READY STATUS RESTARTS AGE
alertmanager-prometheus-operator-alertmanager-0 2/2 Running 0 7m12s
objectstore-sample-bucket-855b8bc7fc-snzml 1/1 Running 0 11m
objectstore-sample-compactor-6ff654c4b5-xgcmf 1/1 Running 0 11m
prometheus-operator-grafana-8589c4455b-rrktb 2/2 Running 0 7m25s
prometheus-operator-kube-state-metrics-66b4c95cd9-wh6s5 1/1 Running 0 7m25s
prometheus-operator-operator-5866d665cb-674q9 2/2 Running 0 7m25s
prometheus-operator-prometheus-node-exporter-gt5qm 1/1 Running 0 7m25s
prometheus-prometheus-operator-prometheus-0 4/4 Running 1 7m2s
thanos-operator-84b5b97494-7f56f 1/1 Running 0 22m
thanos-sample-query-7b765646c-jpwcq 1/1 Running 0 10m
thanos-sample-storeendpoint-sample-rule-0 1/1 Running 0 10m
thanos-sample-storeendpoint-sample-store-9754c664f-tkq2x 1/1 Running 0 10m
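When I access the Query UI, Prometheus is recognized correctly and queries can be executed.
Impressions
The build itself was easy. I feel that building a k8s monitoring cluster will become much easier with this approach.
I would like to try it in an actual production environment and see how far I can build and operate it while keeping things as simple as possible.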