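Preface
https://github.com/starsliao/TenSunS
🦄 Hou Yi - TenSunS (formerly ConsulManager): a Consul-based operations platform: a more elegant Consul management UI & syncing multi-cloud and self-hosted ECS/MySQL/Redis to Prometheus/JumpServer & cloud monitoring metric collection for ECS/MySQL/Redis & Blackbox site monitoring maintenance & vulnerability notifications / resource expiry and balance alerts & Grafana dashboards for all kinds of resources
The author has already documented the installation process in great detail on GitHub, so I will not repeat it here; I only record details from actual use.
1. Docker deployment
2. Kubernetes deployment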
2.1 redis-exporter
2.1.1 deployment
kind: Deployment
apiVersion: apps/v1
metadata:
  name: redis-exporter
  namespace: monitoring
  labels:
    app: redis-exporter
  annotations:
    deployment.kubernetes.io/revision: '2'
spec:
  replicas: 1
  selector:
    matchLabels:
      app: redis-exporter
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: redis-exporter
        net_name: net-app-ms
      annotations:
        kubesphere.io/creator: admin
        kubesphere.io/imagepullsecrets: '{"redis-exporter":"harbor-dev"}'
        kubesphere.io/restartedAt: '2024-02-28T08:33:02.488Z'
        logging.kubesphere.io/logsidecar-config: '{}'
    spec:
      volumes:
        - name: host-time
          hostPath:
            path: /etc/localtime
            type: ''
        - name: volume-fky8wd
          secret:
            secretName: redis-exporter-secret
            items:
              - key: redis_passwd.json
                path: redis_passwd.json
            defaultMode: 420
      containers:
        - name: redis-exporter
          image: 'oliver006/redis_exporter:v1.80.1'
          args:
            - '-redis.password-file=/redis_passwd.json'
          ports:
            - name: http-9121
              containerPort: 9121
              protocol: TCP
          env:
            - name: REDIS_EXPORTER_INCL_SYSTEM_METRICS
              value: 'true'
          resources: {}
          volumeMounts:
            - name: host-time
              readOnly: true
              mountPath: /etc/localtime
            - name: volume-fky8wd
              readOnly: true
              mountPath: /redis_passwd.json
              subPath: redis_passwd.json
          livenessProbe:
            httpGet:
              path: /
              port: 9121
              scheme: HTTP
            timeoutSeconds: 1
            periodSeconds: 10
            successThreshold: 1
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /
              port: 9121
              scheme: HTTP
            timeoutSeconds: 1
            periodSeconds: 10
            successThreshold: 1
            failureThreshold: 3
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          imagePullPolicy: IfNotPresent
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      dnsPolicy: ClusterFirst
      securityContext: {}
      imagePullSecrets:
        - name: harbor-dev
      schedulerName: default-scheduler
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 25%
      maxSurge: 25%
  revisionHistoryLimit: 10
  progressDeadlineSeconds: 600
2.1.2 secret
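Before creating a new instance in TenSunS, the Redis instance's connection address and authentication password must already be configured here; otherwise instance matching will not take effect and the data cannot be scraped correctly.
{
  "redis://app-redis1.default:6379": "123456",
  "redis://app-redis2.default:6379": "123456",
  "redis://app-redis3.default:6379": "123456",
  "redis://app-redis4.default:6379": "123456",
  "redis://app-redis5.default:6379": "123456",
  "redis://app-redis6.default:6379": "123456"
}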
kind: Secret
apiVersion: v1
metadata:
  name: redis-exporter-secret
  namespace: monitoring
  annotations:
    kubesphere.io/creator: admin
data:
  redis_passwd.json: ?????????????????????
type: Opaque
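
An added example (not from the original post, TenSunS or redis_exporter): a Python check for the password-file JSON before it is base64-encoded into the Secret's `data.redis_passwd.json` field. It rejects a URI listed twice, which a plain JSON parser silently collapses to the last entry, and entries that are not `redis://`/`rediss://` URIs. The function names, host names and passwords are constructed placeholders.

```python
import base64
import json
from urllib.parse import urlsplit


def load_password_map(text):
    """Parse the password-file JSON, rejecting duplicate or malformed entries."""
    def reject_duplicates(pairs):
        seen = {}
        for key, value in pairs:
            if key in seen:
                raise ValueError(f"duplicate instance URI: {key}")
            seen[key] = value
        return seen

    mapping = json.loads(text, object_pairs_hook=reject_duplicates)
    if not isinstance(mapping, dict):
        raise ValueError("top level must be a JSON object")
    for uri, password in mapping.items():
        parts = urlsplit(uri)
        if parts.scheme not in ("redis", "rediss") or not parts.hostname:
            raise ValueError(f"not a redis:// or rediss:// URI: {uri}")
        if not isinstance(password, str):
            raise ValueError(f"password for {uri} must be a string")
    return mapping


def secret_data_value(mapping):
    """Return the base64 string that goes under data['redis_passwd.json']."""
    raw = json.dumps(mapping, indent=2).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


# Constructed sample input; host names and passwords are placeholders.
GOOD = '''{
  "redis://redis-a.example:6379": "placeholder-password-a",
  "redis://redis-b.example:6379": "placeholder-password-b"
}'''
# Same URI twice: json.loads without the hook would keep only the last entry.
DUPLICATE = '''{
  "redis://redis-a.example:6379": "placeholder-password-a",
  "redis://redis-a.example:6379": "placeholder-password-b"
}'''

if __name__ == "__main__":
    print("redis_passwd.json:", secret_data_value(load_password_map(GOOD)))
    try:
        load_password_map(DUPLICATE)
    except ValueError as err:
        print("rejected:", err)
```
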
2.1.3 service
kind: Service
apiVersion: v1
metadata:
  name: redis-exporter
  namespace: monitoring
  labels:
    app: redis-exporter
  annotations:
    kubesphere.io/creator: admin
spec:
  ports:
    - name: http-9121
      protocol: TCP
      port: 9121
      targetPort: 9121
  selector:
    app: redis-exporter
    net_name: net-app-ms
  type: ClusterIP
  sessionAffinity: None
  ipFamilies:
    - IPv4
  ipFamilyPolicy: SingleStack
  internalTrafficPolicy: Cluster
2.1.4 grafana
https://grafana.com/grafana/dashboards/17507-1-redis-exporter-dashboard/
2.2 mysql-exporter
2.2.1 deployment
kind: Deployment
apiVersion: apps/v1
metadata:
  name: mysql-exporter
  namespace: monitoring
  labels:
    app: mysql-exporter
  annotations:
    deployment.kubernetes.io/revision: '1'
    kubesphere.io/creator: admin
    kubesphere.io/description: ''
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mysql-exporter
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: mysql-exporter
        net_name: net-app-ms
      annotations:
        kubesphere.io/creator: admin
    spec:
      volumes:
        - name: host-time
          hostPath:
            path: /etc/localtime
            type: ''
      containers:
        - name: mysql-exporter
          image: 'prom/mysqld-exporter:v0.18.0'
          command:
            - /bin/mysqld_exporter
            - '--collect.binlog_size'
            - '--collect.info_schema.innodb_metrics'
            - '--collect.info_schema.tables'
            - '--collect.info_schema.processlist'
            - '--collect.info_schema.tables.databases=*'
            - '--collect.info_schema.innodb_cmpmem'
            - '--mysqld.username=mon'
          ports:
            - name: http-9104
              containerPort: 9104
              protocol: TCP
          env:
            - name: TZ
              value: Asia/Shanghai
            - name: MYSQLD_EXPORTER_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mysql-exporter-secret
                  key: MYSQLD_EXPORTER_PASSWORD
          resources: {}
          volumeMounts:
            - name: host-time
              readOnly: true
              mountPath: /etc/localtime
          livenessProbe:
            httpGet:
              path: /
              port: 9104
              scheme: HTTP
            timeoutSeconds: 1
            periodSeconds: 10
            successThreshold: 1
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /
              port: 9104
              scheme: HTTP
            timeoutSeconds: 1
            periodSeconds: 10
            successThreshold: 1
            failureThreshold: 3
          startupProbe:
            httpGet:
              path: /
              port: 9104
              scheme: HTTP
            timeoutSeconds: 1
            periodSeconds: 10
            successThreshold: 1
            failureThreshold: 3
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          imagePullPolicy: IfNotPresent
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      dnsPolicy: ClusterFirst
      securityContext: {}
      imagePullSecrets:
        - name: harbor-dev
      schedulerName: default-scheduler
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 25%
      maxSurge: 25%
  revisionHistoryLimit: 10
  progressDeadlineSeconds: 600
2.2.2 secret
CREATE USER 'mon'@'%' IDENTIFIED BY '?????????????????????' WITH MAX_USER_CONNECTIONS 10;
GRANT PROCESS, REPLICATION CLIENT, SELECT ON *.* TO 'mon'@'%';
kind: Secret
apiVersion: v1
metadata:
  name: mysql-exporter-secret
  namespace: monitoring
  annotations:
    kubesphere.io/creator: admin
    kubesphere.io/description: ''
data:
  MYSQLD_EXPORTER_PASSWORD: ?????????????????????
type: Opaque
2.2.3 service
kind: Service
apiVersion: v1
metadata:
  name: mysql-exporter
  namespace: monitoring
  labels:
    app: mysql-exporter
  annotations:
    kubesphere.io/creator: admin
spec:
  ports:
    - name: http-9104
      protocol: TCP
      port: 9104
      targetPort: 9104
  selector:
    app: mysql-exporter
    net_name: net-app-ms
  type: ClusterIP
  sessionAffinity: None
  ipFamilies:
    - IPv4
  ipFamilyPolicy: SingleStack
  internalTrafficPolicy: Cluster
2.2.4 grafana
https://grafana.com/grafana/dashboards/17320-1-mysqld-exporter-dashboard/
2.3 blackbox-exporter
2.3.1 deployment
kind: Deployment
apiVersion: apps/v1
metadata:
  name: blackbox-exporter
  namespace: monitoring
  labels:
    app: blackbox-exporter
  annotations:
    deployment.kubernetes.io/revision: '6'
    kubesphere.io/creator: admin
spec:
  replicas: 1
  selector:
    matchLabels:
      app: blackbox-exporter
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: blackbox-exporter
        net_name: net-app-ms
      annotations:
        kubesphere.io/creator: admin
        kubesphere.io/imagepullsecrets: '{"blackbox-exporter":"harbor-dev"}'
        kubesphere.io/restartedAt: '2024-01-24T03:43:46.262Z'
    spec:
      volumes:
        - name: tz-config
          hostPath:
            path: /usr/share/zoneinfo/Asia/Shanghai
            type: ''
        - name: blackbox-config
          configMap:
            name: blackbox-config
            defaultMode: 420
        - name: host-time
          hostPath:
            path: /etc/localtime
            type: ''
      containers:
        - name: blackbox-exporter
          image: 'prom/blackbox-exporter:v0.28.0'
          args:
            - '--config.file=/etc/blackbox/blackbox.yaml'
          ports:
            - name: tcp-9115
              containerPort: 9115
              protocol: TCP
          resources:
            limits:
              cpu: '1'
              memory: 1Gi
            requests:
              cpu: 100m
              memory: 100Mi
          volumeMounts:
            - name: tz-config
              readOnly: true
              mountPath: /etc/localtime
            - name: blackbox-config
              readOnly: true
              mountPath: /etc/blackbox
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          imagePullPolicy: IfNotPresent
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      dnsPolicy: ClusterFirst
      securityContext: {}
      imagePullSecrets:
        - name: harbor-dev
      schedulerName: default-scheduler
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 25%
      maxSurge: 25%
  revisionHistoryLimit: 10
  progressDeadlineSeconds: 600
2.3.2 configmap
kind: ConfigMap
apiVersion: v1
metadata:
  name: blackbox-config
  namespace: monitoring
  annotations:
    kubesphere.io/creator: admin
data:
  blackbox.yaml: |
    modules:
      http_2xx:
        prober: http
        http:
          valid_status_codes: [200,204]
          no_follow_redirects: false
          preferred_ip_protocol: ip4
          ip_protocol_fallback: false
      # For cases where SSL certificate validity must be checked but the domain redirects to another domain when accessed; the certificate expiry checked would then be that of the redirected-to domain.
      # To check the original domain's information, add the no-redirect parameter in blackbox.
      httpNoRedirect4ssl:
        prober: http
        http:
          valid_status_codes: [200,204,301,302,303]
          no_follow_redirects: true
          preferred_ip_protocol: ip4
          ip_protocol_fallback: false
      # For site monitoring that ignores SSL certificate verification.
      http200igssl:
        prober: http
        http:
          valid_status_codes:
            - 200
          tls_config:
            insecure_skip_verify: true
      http_4xx:
        prober: http
        http:
          valid_status_codes: [401,403,404]
          preferred_ip_protocol: ip4
          ip_protocol_fallback: false
      http_5xx:
        prober: http
        http:
          valid_status_codes: [500,502]
          preferred_ip_protocol: ip4
          ip_protocol_fallback: false
      http_post_2xx:
        prober: http
        http:
          method: POST
      icmp:
        prober: icmp
      tcp_connect:
        prober: tcp
      ssh_banner:
        prober: tcp
        tcp:
          query_response:
            - expect: "^SSH-2.0-"
            - send: "SSH-2.0-blackbox-ssh-check"
2.3.3 service
kind: Service
apiVersion: v1
metadata:
  name: blackbox-exporter
  namespace: monitoring
  labels:
    app: blackbox-exporter
  annotations:
    kubesphere.io/creator: admin
spec:
  ports:
    - name: http-9115
      protocol: TCP
      port: 9115
      targetPort: 9115
  selector:
    app: blackbox-exporter
    net_name: net-app-ms
  type: ClusterIP
  sessionAffinity: None
  ipFamilies:
    - IPv4
  ipFamilyPolicy: SingleStack
  internalTrafficPolicy: Cluster
2.3.4 grafana
https://grafana.com/grafana/dashboards/9965-1-blackbox-exporter-dashboard-20220412/
2.4 node-exporter
2.4.1 daemonset
kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: node-exporter
  namespace: monitoring
  labels:
    app.kubernetes.io/component: exporter
    app.kubernetes.io/name: node-exporter
    app.kubernetes.io/part-of: kube-prometheus
    app.kubernetes.io/version: 1.3.1
  annotations:
    deprecated.daemonset.template.generation: '1'
spec:
  selector:
    matchLabels:
      app.kubernetes.io/component: exporter
      app.kubernetes.io/name: node-exporter
      app.kubernetes.io/part-of: kube-prometheus
  template:
    metadata:
      creationTimestamp: null
      labels:
        app.kubernetes.io/component: exporter
        app.kubernetes.io/name: node-exporter
        app.kubernetes.io/part-of: kube-prometheus
        app.kubernetes.io/version: 1.3.1
    spec:
      volumes:
        - name: proc
          hostPath:
            path: /proc
            type: ''
        - name: sys
          hostPath:
            path: /sys
            type: ''
        - name: root
          hostPath:
            path: /
            type: ''
      containers:
        - name: node-exporter
          image: 'prom/node-exporter:v1.3.1'
          args:
            - '--web.listen-address=127.0.0.1:9100'
            - '--path.procfs=/host/proc'
            - '--path.sysfs=/host/sys'
            - '--path.rootfs=/host/root'
            - '--no-collector.wifi'
            - '--no-collector.hwmon'
            - >-
              --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+)($|/)
            - >-
              --collector.filesystem.ignored-fs-types=^(autofs|binfmt_misc|cgroup|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|mqueue|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|sysfs|tracefs)$
          resources:
            limits:
              cpu: '1'
              memory: 500Mi
            requests:
              cpu: 102m
              memory: 180Mi
          volumeMounts:
            - name: proc
              readOnly: true
              mountPath: /host/proc
            - name: sys
              readOnly: true
              mountPath: /host/sys
            - name: root
              readOnly: true
              mountPath: /host/root
              mountPropagation: HostToContainer
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          imagePullPolicy: IfNotPresent
        - name: kube-rbac-proxy
          image: 'kubesphere/kube-rbac-proxy:v0.11.0'
          args:
            - '--logtostderr'
            - '--secure-listen-address=[$(IP)]:9100'
            - >-
              --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
            - '--upstream=http://127.0.0.1:9100/'
          ports:
            - name: https
              hostPort: 9100
              containerPort: 9100
              protocol: TCP
          env:
            - name: IP
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: status.podIP
          resources:
            limits:
              cpu: '1'
              memory: 100Mi
            requests:
              cpu: 10m
              memory: 20Mi
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          imagePullPolicy: IfNotPresent
          securityContext:
            runAsUser: 65532
            runAsGroup: 65532
            runAsNonRoot: true
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      dnsPolicy: ClusterFirst
      nodeSelector:
        kubernetes.io/os: linux
      serviceAccountName: node-exporter
      serviceAccount: node-exporter
      hostNetwork: true
      hostPID: true
      securityContext:
        runAsUser: 65534
        runAsNonRoot: true
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: node-role.kubernetes.io/edge
                    operator: DoesNotExist
      schedulerName: default-scheduler
      tolerations:
        - operator: Exists
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
      maxSurge: 0
  revisionHistoryLimit: 10
2.4.2 service
kind: Service
apiVersion: v1
metadata:
  name: node-exporter
  namespace: monitoring
  labels:
    app.kubernetes.io/component: exporter
    app.kubernetes.io/name: node-exporter
    app.kubernetes.io/part-of: kube-prometheus
    app.kubernetes.io/version: 1.3.1
spec:
  ports:
    - name: https
      protocol: TCP
      port: 9100
      targetPort: https
  selector:
    app.kubernetes.io/component: exporter
    app.kubernetes.io/name: node-exporter
    app.kubernetes.io/part-of: kube-prometheus
  clusterIP: None
  clusterIPs:
    - None
  type: ClusterIP
  sessionAffinity: None
  ipFamilies:
    - IPv4
  ipFamilyPolicy: SingleStack
  internalTrafficPolicy: Cluster
2.4.3 grafana
https://grafana.com/grafana/dashboards/8919-node-exporter-dashboard-20240520-tensuns/
2.5 kafka-exporter
2.5.1 deployment
kind: Deployment
apiVersion: apps/v1
metadata:
  name: kafka-exporter
  namespace: monitoring
  labels:
    app: kafka-exporter
    net_name: net-app-ms
  annotations:
    deployment.kubernetes.io/revision: '2'
    kubesphere.io/creator: tanqidi
spec:
  replicas: 1
  selector:
    matchLabels:
      app: kafka-exporter
      net_name: net-app-ms
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: kafka-exporter
        net_name: net-app-ms
      annotations:
        kubesphere.io/creator: admin
        kubesphere.io/imagepullsecrets: '{}'
        kubesphere.io/restartedAt: '2025-06-23T05:54:10.619Z'
    spec:
      volumes:
        - name: tz-config
          hostPath:
            path: /usr/share/zoneinfo/Asia/Shanghai
            type: ''
        - name: host-time
          hostPath:
            path: /etc/localtime
            type: ''
      containers:
        - name: kafka-exporter
          image: 'danielqsj/kafka-exporter:v1.9.0'
          args:
            - '--kafka.server=kafka-0.kafka.default:9092'
            - '--kafka.server=kafka-1.kafka.default:9092'
            - '--kafka.server=kafka-2.kafka.default:9092'
          ports:
            - name: tcp-9308
              containerPort: 9308
              protocol: TCP
          resources:
            requests:
              memory: 100M
          volumeMounts:
            - name: tz-config
              readOnly: true
              mountPath: /etc/localtime
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          imagePullPolicy: IfNotPresent
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      dnsPolicy: ClusterFirst
      securityContext: {}
      affinity: {}
      schedulerName: default-scheduler
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 25%
      maxSurge: 25%
  revisionHistoryLimit: 10
  progressDeadlineSeconds: 600
2.5.2 service
kind: Service
apiVersion: v1
metadata:
  name: kafka-exporter
  namespace: monitoring
  labels:
    app: kafka-exporter
  annotations:
    kubesphere.io/creator: tanqidi
spec:
  ports:
    - name: http-9308
      protocol: TCP
      port: 9308
      targetPort: 9308
  selector:
    app: kafka-exporter
    net_name: net-app-ms
  type: ClusterIP
  sessionAffinity: None
  ipFamilies:
    - IPv4
  ipFamilyPolicy: SingleStack
2.5.3 grafana
https://grafana.com/grafana/dashboards/7589-kafka-exporter-overview/