2025最新版kube-prometheus部署教程:支持K8s 1.33+的最佳实践
项目地址: https://gitcode.com/gh_mirrors/ku/kube-prometheus 引言:K8s监控的痛点与解决方案
你是否正面临Kubernetes集群监控配置复杂、组件版本不兼容、部署后无法正常采集metrics等问题?随着K8s版本迭代至1.33+,传统监控方案已难以满足需求。本文将提供一套完整的kube-prometheus部署方案,通过标准化部署流程、解决兼容性问题、优化资源配置,帮助你在30分钟内完成生产级监控系统搭建。
读完本文你将获得:
- 支持K8s 1.33+的kube-prometheus环境搭建能力
- 定制化监控配置的实战经验
- 常见故障的诊断与解决方案
- 多场景下的UI访问策略
一、环境准备与兼容性检查
1.1 系统要求
| 组件 | 最低版本 | 推荐版本 |
|---|---|---|
| Kubernetes | 1.33.0 | 1.33.1+ |
| Docker/Containerd | 20.10+ | 24.0+ |
| CPU | 2核 | 4核+ |
| 内存 | 4GB | 8GB+ |
| 磁盘空间 | 20GB | 40GB+ |
1.2 K8s集群预配置
kube-prometheus要求K8s节点开启以下特性:
# 验证kubelet配置
kubectl get nodes -o jsonpath='{range .items[*]}{.metadata.name}{": "}{.status.nodeInfo.kubeletVersion}{"\n"}{end}'
# 确保kubelet启用以下参数
# --authentication-token-webhook=true
# --authorization-mode=Webhook
# 若未启用,可通过以下命令修改(需重启kubelet)
sudo sed -i 's/--authentication-token-webhook=false/--authentication-token-webhook=true/' /var/lib/kubelet/config.yaml
sudo sed -i 's/--authorization-mode=AlwaysAllow/--authorization-mode=Webhook/' /var/lib/kubelet/config.yaml
sudo systemctl restart kubelet
1.3 控制平面组件配置
kube-apiserver、kube-controller-manager和kube-scheduler需要绑定到0.0.0.0以允许Prometheus访问:
# 修改controller-manager和scheduler配置
sudo sed -i 's/- --bind-address=127.0.0.1/- --bind-address=0.0.0.0/' /etc/kubernetes/manifests/kube-controller-manager.yaml
sudo sed -i 's/- --bind-address=127.0.0.1/- --bind-address=0.0.0.0/' /etc/kubernetes/manifests/kube-scheduler.yaml
# 重启相关组件
kubectl delete pod -n kube-system kube-controller-manager-$(hostname)
kubectl delete pod -n kube-system kube-scheduler-$(hostname)
二、部署kube-prometheus
2.1 克隆代码仓库
git clone https://gitcode.com/gh_mirrors/ku/kube-prometheus
cd kube-prometheus
2.2 部署基础组件
# 创建命名空间和CRD
kubectl apply --server-side -f manifests/setup
# 等待CRD就绪
kubectl wait \
--for condition=Established \
--all CustomResourceDefinition \
--namespace=monitoring
# 部署核心监控组件
kubectl apply -f manifests/
2.3 验证部署状态
# 检查monitoring命名空间下的Pod状态
kubectl get pods -n monitoring -o wide
# 预期输出应包含以下Pod:
# alertmanager-main-0
# blackbox-exporter-xxxx
# grafana-xxxx
# kube-state-metrics-xxxx
# node-exporter-xxxx
# prometheus-adapter-xxxx
# prometheus-k8s-0
# prometheus-operator-xxxx
部署流程示意图:
三、定制化配置
3.1 资源需求调整
根据集群规模调整资源配置,创建自定义jsonnet文件:
// custom-resources.jsonnet
local kp = import 'kube-prometheus/main.libsonnet';
kp + {
values+:: {
common+: {
namespace: 'monitoring',
resources+: {
requests: {
cpu: '100m',
memory: '256Mi'
},
limits: {
cpu: '1000m',
memory: '1Gi'
}
}
},
prometheus+: {
prometheus+: {
spec+: {
resources: {
requests: {
cpu: '500m',
memory: '2Gi'
},
limits: {
cpu: '2000m',
memory: '8Gi'
}
}
}
}
}
}
}
3.2 生成自定义 manifests
# 安装jsonnet工具链
go install github.com/jsonnet-bundler/jsonnet-bundler/cmd/jb@latest
go install github.com/google/go-jsonnet/cmd/jsonnet@latest
go install github.com/brancz/gojsontoyaml@latest
# 初始化jsonnet依赖
jb init
jb install github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus@main
# 生成manifests
./build.sh custom-resources.jsonnet
# 应用自定义配置
kubectl apply -f manifests/
3.3 暴露服务方式选择
3.3.1 NodePort方式(适用于测试环境)
// node-ports.jsonnet
(import 'kube-prometheus/main.libsonnet') +
(import 'kube-prometheus/addons/node-ports.libsonnet')
3.3.2 Ingress方式(适用于生产环境)
# ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: prometheus-ingress
namespace: monitoring
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/auth-type: basic
nginx.ingress.kubernetes.io/auth-secret: prometheus-basic-auth
spec:
rules:
- host: prometheus.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: prometheus-k8s
port:
number: 9090
- host: grafana.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: grafana
port:
number: 3000
四、UI访问与验证
4.1 端口转发方式(临时访问)
# Prometheus UI
kubectl --namespace monitoring port-forward svc/prometheus-k8s 9090 &
# Grafana UI
kubectl --namespace monitoring port-forward svc/grafana 3000 &
# Alertmanager UI
kubectl --namespace monitoring port-forward svc/alertmanager-main 9093 &
访问地址:
- Prometheus: http://localhost:9090
- Grafana: http://localhost:3000 (默认账号: admin/admin)
- Alertmanager: http://localhost:9093
4.2 验证数据采集状态
在Prometheus UI中检查以下端点是否正常:
- 访问http://localhost:9090/targets
- 确认所有target的State为UP
- 重点检查:
- kube-apiserver
- kubelet
- node-exporter
- kube-state-metrics
五、常见问题与解决方案
5.1 kubelet访问权限问题
症状:Prometheus页面显示kubelet targets状态为401 Unauthorized
解决方案:
# 验证kubelet授权配置
kubectl describe clusterrole system:kube-prometheus-node-agent
# 确保包含以下权限
# resources: ["nodes/metrics", "nodes/proxy"]
# verbs: ["get"]
# 若缺失,应用修复配置
kubectl apply -f - <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: system:kube-prometheus-node-agent
rules:
- apiGroups: [""]
resources: ["nodes/metrics", "nodes/proxy"]
verbs: ["get"]
EOF
5.2 资源不足导致Pod启动失败
症状:Pod状态为Pending或OOMKilled
解决方案:
# 检查资源使用情况
kubectl top pods -n monitoring
# 修改对应组件的资源限制
# 以prometheus为例
kubectl edit prometheus k8s -n monitoring
# 调整spec.resources.limits和requests
5.3 数据持久化配置
症状:Prometheus重启后数据丢失
解决方案:配置持久化存储:
# prometheus-pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: prometheus-storage
namespace: monitoring
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 50Gi
storageClassName: standard
kubectl apply -f prometheus-pvc.yaml
# 更新Prometheus配置
kubectl edit prometheus k8s -n monitoring
# 添加storage配置
# spec:
# storage:
# volumeClaimTemplate:
# spec:
# selector:
# matchLabels:
# app: prometheus
# resources:
# requests:
# storage: 50Gi
六、升级与维护
6.1 升级kube-prometheus
# 更新依赖
jb update
# 重新生成manifests
./build.sh example.jsonnet
# 应用更新
kubectl apply -f manifests/
6.2 备份Grafana配置
# 导出Grafana dashboards
kubectl exec -n monitoring grafana-xxxx -- sh -c "mkdir -p /tmp/dashboards && grafana-cli dashboard list-imported | awk '{print \$1}' | xargs -I {} grafana-cli dashboard export {} > /tmp/dashboards/{}.json"
# 拷贝到本地
kubectl cp -n monitoring grafana-xxxx:/tmp/dashboards ./grafana-backup
七、总结与最佳实践
通过本文的步骤,你已成功部署了一套适配K8s 1.33+的监控系统。为确保系统稳定运行,建议:
- 定期维护:每月执行一次组件升级
- 资源监控:密切关注Prometheus和Grafana的资源使用情况
- 告警配置:根据业务需求自定义Alertmanager规则
- 数据保留:配置合理的Prometheus数据保留策略(默认15天)
- 安全加固:为Grafana启用HTTPS和强密码策略
监控系统架构图:
后续可深入学习的方向:
- 自定义Prometheus监控规则
- Grafana高级仪表盘制作
- 基于Prometheus的自动扩缩容实现
- 监控数据长期存储方案
通过这套监控系统,你可以全面掌握Kubernetes集群的运行状态,及时发现并解决潜在问题,为业务稳定运行提供有力保障。
创作声明:本文部分内容由AI辅助生成(AIGC),仅供参考
