Hello everyone. In May, OTUS is launching a workshop on monitoring and logging of both infrastructure and applications, using Zabbix, Prometheus, Grafana and ELK. On that occasion, we traditionally share useful material on the topic.

Blackbox exporter for Prometheus lets you monitor external services over HTTP, HTTPS, DNS, TCP and ICMP. In this article I will show how to configure HTTP/HTTPS monitoring with Blackbox exporter. We will run Blackbox exporter in Kubernetes.

Environment

We need the following:
- Kubernetes
- Prometheus Operator

Blackbox exporter configuration

We configure Blackbox through a ConfigMap that sets up the http module for monitoring web services.

apiVersion: v1
kind: ConfigMap
metadata:
  name: prometheus-blackbox-exporter
  labels:
    app: prometheus-blackbox-exporter
data:
  blackbox.yaml: |
    modules:
      http_2xx:
        http:
          no_follow_redirects: false
          preferred_ip_protocol: ip4
          valid_http_versions:
          - HTTP/1.1
          - HTTP/2
          valid_status_codes: []
        prober: http
        timeout: 5s

The http_2xx module is used to verify that the web service returns an HTTP 2xx status code. Blackbox exporter configuration is described in more detail in the documentation.

Deploying Blackbox exporter in the Kubernetes cluster

Describe a Deployment and a Service for the deployment in Kubernetes.

---
kind: Service
apiVersion: v1
metadata:
  name: prometheus-blackbox-exporter
  labels:
    app: prometheus-blackbox-exporter
spec:
  type: ClusterIP
  ports:
    - name: http
      port: 9115
      protocol: TCP
  selector:
    app: prometheus-blackbox-exporter
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: prometheus-blackbox-exporter
  labels:
    app: prometheus-blackbox-exporter
spec:
  replicas: 1
  selector:
    matchLabels:
      app: prometheus-blackbox-exporter
  template:
    metadata:
      labels:
        app: prometheus-blackbox-exporter
    spec:
      restartPolicy: Always
      containers:
        - name: blackbox-exporter
          image: "prom/blackbox-exporter:v0.15.1"
          imagePullPolicy: IfNotPresent
          securityContext:
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            runAsUser: 1000
          args:
            - "--config.file=/config/blackbox.yaml"
          resources:
            {}
          ports:
            - containerPort: 9115
              name: http
          livenessProbe:
            httpGet:
              path: /health
              port: http
          readinessProbe:
            httpGet:
              path: /health
              port: http
          volumeMounts:
            - mountPath: /config
              name: config
        - name: configmap-reload
          image: "jimmidyson/configmap-reload:v0.2.2"
          imagePullPolicy: "IfNotPresent"
          securityContext:
            runAsNonRoot: true
            runAsUser: 65534
          args:
            - --volume-dir=/etc/config
            - --webhook-url=http:
          resources:
            {}
          volumeMounts:
            - mountPath: /etc/config
              name: config
              readOnly: true
      volumes:
        - name: config
          configMap:
            name: prometheus-blackbox-exporter

Blackbox exporter can be deployed with the following command. The monitoring namespace is the one used by the Prometheus Operator.

kubectl --namespace=monitoring apply -f blackbox-exporter.yaml

Verify that all services are running with the following command:

kubectl --namespace=monitoring get all --selector=app=prometheus-blackbox-exporter

Checking Blackbox

You can reach the Blackbox exporter web interface with port-forward:

kubectl --namespace=monitoring port-forward svc/prometheus-blackbox-exporter 9115:9115

Connect to the Blackbox exporter web interface in a web browser at localhost:9115.

If you open http://localhost:9115/probe?module=http_2xx&target=https://www.google.com, you will see the result of checking the specified URL (https://www.google.com).

A probe_success metric value of 1 means the check succeeded. A value of 0 indicates an error.

Configuring Prometheus

After deploying Blackbox exporter, configure Prometheus in prometheus-additional.yaml.

- job_name: 'kube-api-blackbox'
  scrape_interval: 1w
  metrics_path: /probe
  params:
    module: [http_2xx]
  static_configs:
    - targets:
      - https:
      - http:
      - https:
  relabel_configs:
    - source_labels: [__address__]
      target_label: __param_target
    - source_labels: [__param_target]
      target_label: instance
    - target_label: __address__
      replacement: prometheus-blackbox-exporter:9115 # The blackbox exporter.

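
The relabel_configs above are what turn each static target into a /probe request against the exporter. The following sketch is an added example, not code from the original article or from Prometheus: it re-implements the default `replace` relabel action to show the resulting scrape URL and `instance` label. The target `https://example.com` is a placeholder, and the function names are hypothetical.

```python
import re
from urllib.parse import urlencode

# Relabel steps copied from the scrape job above; Prometheus defaults are
# filled in by relabel(): action=replace, separator=";", regex="(.*)",
# replacement="$1".
RELABEL_CONFIGS = [
    {"source_labels": ["__address__"], "target_label": "__param_target"},
    {"source_labels": ["__param_target"], "target_label": "instance"},
    {"target_label": "__address__",
     "replacement": "prometheus-blackbox-exporter:9115"},
]

def relabel(labels, configs):
    """Apply 'replace' relabel steps in order and return the new label set."""
    labels = dict(labels)
    for cfg in configs:
        value = ";".join(labels.get(n, "") for n in cfg.get("source_labels", []))
        match = re.fullmatch(cfg.get("regex", "(.*)"), value, re.DOTALL)
        if match is None:
            continue  # a non-matching regex leaves the labels untouched
        # Prometheus writes capture groups as $1; Python's expand() wants \1.
        template = re.sub(r"\$(\d+)", r"\\\1", cfg.get("replacement", "$1"))
        labels[cfg["target_label"]] = match.expand(template)
    return labels

def scrape_request(target, module):
    """Return (scrape URL, instance label) for one static target."""
    labels = relabel({
        "__address__": target,          # entry from static_configs.targets
        "__scheme__": "http",           # Prometheus default scheme
        "__metrics_path__": "/probe",   # metrics_path
        "__param_module": module,       # params.module
    }, RELABEL_CONFIGS)
    # Every __param_<name> label becomes a URL query parameter.
    params = {k[len("__param_"):]: v for k, v in labels.items()
              if k.startswith("__param_")}
    url = "{}://{}{}?{}".format(labels["__scheme__"], labels["__address__"],
                                labels["__metrics_path__"], urlencode(params))
    return url, labels["instance"]

if __name__ == "__main__":
    print(scrape_request("https://example.com", "http_2xx"))
```

The URL it prints has the same shape as the one opened by hand through the port-forward, with the exporter's Service name in place of localhost.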
Generate the Secret with the following commands.

# tr removes the line wrapping that base64 may add, so the value stays on one YAML line
PROMETHEUS_ADD_CONFIG=$(cat prometheus-additional.yaml | base64 | tr -d '\n')
cat << EOF | kubectl --namespace=monitoring apply -f -
apiVersion: v1
kind: Secret
metadata:
  name: additional-scrape-configs
type: Opaque
data:
  prometheus-additional.yaml: $PROMETHEUS_ADD_CONFIG
EOF

Point the Prometheus Operator at additional-scrape-configs using additionalScrapeConfigs.

kubectl --namespace=monitoring edit prometheuses k8s

...
spec:
  additionalScrapeConfigs:
    key: prometheus-additional.yaml
    name: additional-scrape-configs

Open the Prometheus web interface and check the metrics and targets.

kubectl --namespace=monitoring port-forward svc/prometheus-k8s 9090:9090

We see the Blackbox metrics and targets.

Adding rules for notifications (alerts)

To receive notifications from Blackbox exporter, add rules to the Prometheus Operator.

kubectl --namespace=monitoring edit prometheusrules prometheus-k8s-rules

...
  - name: blackbox-exporter
    rules:
    - alert: ProbeFailed
      expr: probe_success == 0
      for: 5m
      labels:
        severity: error
      annotations:
        summary: "Probe failed (instance {{ $labels.instance }})"
        description: "Probe failed\n VALUE = {{ $value }}\n LABELS: {{ $labels }}"
    - alert: SlowProbe
      expr: avg_over_time(probe_duration_seconds[1m]) > 1
      for: 5m
      labels:
        severity: warning
      annotations:
        summary: "Slow probe (instance {{ $labels.instance }})"
        description: "Blackbox probe took more than 1s to complete\n VALUE = {{ $value }}\n LABELS: {{ $labels }}"
    - alert: HttpStatusCode
      expr: probe_http_status_code <= 199 OR probe_http_status_code >= 400
      for: 5m
      labels:
        severity: error
      annotations:
        summary: "HTTP Status Code (instance {{ $labels.instance }})"
        description: "HTTP status code is not 200-399\n VALUE = {{ $value }}\n LABELS: {{ $labels }}"
    - alert: SslCertificateWillExpireSoon
      expr: probe_ssl_earliest_cert_expiry - time() < 86400 * 30
      for: 5m
      labels:
        severity: warning
      annotations:
        summary: "SSL certificate will expire soon (instance {{ $labels.instance }})"
        description: "SSL certificate expires in 30 days\n VALUE = {{ $value }}\n LABELS: {{ $labels }}"
    - alert: SslCertificateHasExpired
      expr: probe_ssl_earliest_cert_expiry - time() <= 0
      for: 5m
      labels:
        severity: error
      annotations:
        summary: "SSL certificate has expired (instance {{ $labels.instance }})"
        description: "SSL certificate has expired already\n VALUE = {{ $value }}\n LABELS: {{ $labels }}"
    - alert: HttpSlowRequests
      expr: avg_over_time(probe_http_duration_seconds[1m]) > 1
      for: 5m
      labels:
        severity: warning
      annotations:
        summary: "HTTP slow requests (instance {{ $labels.instance }})"
        description: "HTTP request took more than 1s\n VALUE = {{ $value }}\n LABELS: {{ $labels }}"
    - alert: SlowPing
      expr: avg_over_time(probe_icmp_duration_seconds[1m]) > 1
      for: 5m
      labels:
        severity: warning
      annotations:
        summary: "Slow ping (instance {{ $labels.instance }})"
        description: "Blackbox ping took more than 1s\n VALUE = {{ $value }}\n LABELS: {{ $labels }}"

In the Prometheus web interface, go to Status => Rules and find the alert rules for Blackbox exporter.
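
To check what the rules above would say about a single probe result before relying on Alertmanager, the same conditions can be evaluated offline against text saved from the /probe endpoint. This is an added example, not part of the original article: SAMPLE and NOW are constructed values, the function names are hypothetical, and the `for: 5m` hold time and the `avg_over_time` rules are not modelled because they need more than one sample.

```python
# Constructed /probe output: the certificate expires 10 days after NOW.
NOW = 1_700_000_000
SAMPLE = """\
# HELP probe_duration_seconds Returns how long the probe took to complete in seconds
# TYPE probe_duration_seconds gauge
probe_duration_seconds 0.214
probe_http_status_code 200
probe_ssl_earliest_cert_expiry 1.700864e+09
probe_success 1
"""

def parse_metrics(text):
    """Parse unlabelled samples from Prometheus text exposition format."""
    metrics = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and HELP/TYPE comments
        name, _, value = line.partition(" ")
        if "{" in name:
            continue  # labelled series are not needed for these rules
        metrics[name] = float(value.split()[0])
    return metrics

def firing(metrics, now):
    """Names of the page's rules whose expr is true for this one sample."""
    alerts = []
    if metrics.get("probe_success") == 0:
        alerts.append("ProbeFailed")
    code = metrics.get("probe_http_status_code")
    if code is not None and (code <= 199 or code >= 400):
        alerts.append("HttpStatusCode")
    expiry = metrics.get("probe_ssl_earliest_cert_expiry")
    if expiry is not None:
        remaining = expiry - now
        if remaining <= 0:
            alerts.append("SslCertificateHasExpired")
        # An expired certificate also satisfies this expression, so both
        # certificate alerts fire together once the expiry date has passed.
        if remaining < 86400 * 30:
            alerts.append("SslCertificateWillExpireSoon")
    return alerts

if __name__ == "__main__":
    print(firing(parse_metrics(SAMPLE), NOW))
```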

Configuring Kubernetes API Server SSL certificate expiry notifications

Let's set up monitoring of the Kubernetes API Server SSL certificate expiry. It will send a notification once a week.

Add a Blackbox exporter module for Kubernetes API Server authentication.

kubectl --namespace=monitoring edit configmap prometheus-blackbox-exporter

...
      kube-api:
        http:
          method: GET
          no_follow_redirects: false
          preferred_ip_protocol: ip4
          tls_config:
            insecure_skip_verify: false
            ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
          bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
          valid_http_versions:
          - HTTP/1.1
          - HTTP/2
          valid_status_codes: []
        prober: http
        timeout: 5s

Add the Prometheus scrape configuration.

- job_name: 'kube-api-blackbox'
  metrics_path: /probe
  params:
    module: [kube-api]
  static_configs:
    - targets:
      - https:
  relabel_configs:
    - source_labels: [__address__]
      target_label: __param_target
    - source_labels: [__param_target]
      target_label: instance
    - target_label: __address__
      replacement: prometheus-blackbox-exporter:9115 # The blackbox exporter.

Apply the Prometheus Secret.

# tr removes the line wrapping that base64 may add, so the value stays on one YAML line
PROMETHEUS_ADD_CONFIG=$(cat prometheus-additional.yaml | base64 | tr -d '\n')
cat << EOF | kubectl --namespace=monitoring apply -f -
apiVersion: v1
kind: Secret
metadata:
  name: additional-scrape-configs
type: Opaque
data:
  prometheus-additional.yaml: $PROMETHEUS_ADD_CONFIG
EOF

Add the alert rule.

kubectl --namespace=monitoring edit prometheusrules prometheus-k8s-rules

...
  - name: k8s-api-server-cert-expiry
    rules:
    - alert: K8sAPIServerSSLCertExpiringAfterThreeMonths
      expr: probe_ssl_earliest_cert_expiry{job="kube-api-blackbox"} - time() < 86400 * 90
      for: 1w
      labels:
        severity: warning
      annotations:
        summary: "Kubernetes API Server SSL certificate will expire after three months (instance {{ $labels.instance }})"
        description: "Kubernetes API Server SSL certificate expires in 90 days\n VALUE = {{ $value }}\n LABELS: {{ $labels }}"