Tagged: Prometheus

04/03/2025

쿠버네티스 prometheus 설정

Helm 을 이용해 kube-prometheus-stack 을 설치하게 되면, Grafana 를 통해서 통계 그래프를 볼 수 있다. 그런데, 몇몇 대쉬보드는 나타나지 않는데 여기서는 이 문제를 해결하는 방법을 알아본다.

Prometheus

프로메테스에서 Status > Target health 에서 상태를 같이 보면서 해결하면 좋다. 어떻게 스크랩이 설정되어 있는데, 상태가 DOWN 인 부분을 잘 살펴보면 된다.

CoreDNS

CoreDNS 대쉬보드가 아무것도 나오지 않는다. Service 에 kube-dns 혹은 Helm 으로 설치할 경우에 coredns 로 나오는데, describe 를 한번 해본다.

]$ kubectl describe svc/coredns -n kube-system
Name:              coredns
Namespace:         kube-system
Labels:            app.kubernetes.io/instance=coredns
                   app.kubernetes.io/managed-by=Helm
                   app.kubernetes.io/name=coredns
                   helm.sh/chart=coredns-1.39.2
                   k8s-app=coredns
                   kubernetes.io/cluster-service=true
                   kubernetes.io/name=CoreDNS
Annotations:       meta.helm.sh/release-name: coredns
                   meta.helm.sh/release-namespace: kube-system
Selector:          app.kubernetes.io/instance=coredns,app.kubernetes.io/name=coredns,k8s-app=coredns
Type:              ClusterIP
IP Family Policy:  SingleStack
IP Families:       IPv4
IP:                10.96.0.10
IPs:               10.96.0.10
Port:              udp-53  53/UDP
TargetPort:        53/UDP
Endpoints:         10.42.217.130:53
Port:              tcp-53  53/TCP
TargetPort:        53/TCP
Endpoints:         10.42.217.130:53
Session Affinity:  None
Events:            <none>

]$ kubectl describe svc/coredns -n kube-system

Name: coredns

Namespace: kube-system

Labels: app.kubernetes.io/instance=coredns

app.kubernetes.io/managed-by=Helm

app.kubernetes.io/name=coredns

helm.sh/chart=coredns-1.39.2

k8s-app=coredns

kubernetes.io/cluster-service=true

kubernetes.io/name=CoreDNS

Annotations: meta.helm.sh/release-name: coredns

meta.helm.sh/release-namespace: kube-system

Selector: app.kubernetes.io/instance=coredns,app.kubernetes.io/name=coredns,k8s-app=coredns

Type: ClusterIP

IP Family Policy: SingleStack

IP Families: IPv4

IP: 10.96.0.10

IPs: 10.96.0.10

Port: udp-53 53/UDP

TargetPort: 53/UDP

Endpoints: 10.42.217.130:53

Port: tcp-53 53/TCP

TargetPort: 53/TCP

Endpoints: 10.42.217.130:53

Session Affinity: None

Events: <none>

위에 내용을 보면 k8s-app=coredns 가 보인다. 이제 Service 에 prometheus-coredns 를 한번 보자.

]$ kubectl describe svc/prometheus-kube-prometheus-coredns -n kube-system
Name:              prometheus-kube-prometheus-coredns
Namespace:         kube-system
Labels:            app=kube-prometheus-stack-coredns
                   app.kubernetes.io/instance=prometheus
                   app.kubernetes.io/managed-by=Helm
                   app.kubernetes.io/part-of=kube-prometheus-stack
                   app.kubernetes.io/version=70.4.1
                   chart=kube-prometheus-stack-70.4.1
                   heritage=Helm
                   jobLabel=coredns
                   release=prometheus
Annotations:       meta.helm.sh/release-name: prometheus
                   meta.helm.sh/release-namespace: monitoring
Selector:          k8s-app=kube-dns
Type:              ClusterIP
IP Family Policy:  SingleStack
IP Families:       IPv4
IP:                None
IPs:               None
Port:              http-metrics  9153/TCP
TargetPort:        9153/TCP
Endpoints:         <none>
Session Affinity:  None
Events:            <none>

]$ kubectl describe svc/prometheus-kube-prometheus-coredns -n kube-system

Name: prometheus-kube-prometheus-coredns

Namespace: kube-system

Labels: app=kube-prometheus-stack-coredns

app.kubernetes.io/instance=prometheus

app.kubernetes.io/managed-by=Helm

app.kubernetes.io/part-of=kube-prometheus-stack

app.kubernetes.io/version=70.4.1

chart=kube-prometheus-stack-70.4.1

heritage=Helm

jobLabel=coredns

release=prometheus

Annotations: meta.helm.sh/release-name: prometheus

meta.helm.sh/release-namespace: monitoring

Selector: k8s-app=kube-dns

Type: ClusterIP

IP Family Policy: SingleStack

IP Families: IPv4

IP: None

IPs: None

Port: http-metrics 9153/TCP

TargetPort: 9153/TCP

Endpoints: <none>

Session Affinity: None

Events: <none>

Selector 를 보면 k8s-app=kube-dns 로 보인다. 이것이 맞지 않아서 관련 내용을 가지고 오지 못하는 원인다. 이것을 k8s-app=coredns 로 바꿔 준다.

이렇게 하고 Prometheus 에 Status > Target health 에서 coredns 를 보면 스크랩이 잘되는 것으로 바뀐다.

Etcd

Prometheus 에서 Status > Target health 에서 ‘http://192.168.96.60:2381/metrics‘ 로 EndPoint 로 설정되어 있다. curl 로 긁어보면 다음과 같이 나온다.

]$ curl http://192.168.96.60:2381/metrics
curl: (7) Failed to connect to 192.168.96.60 port 2381: 연결이 거부됨

1 2	]$ curl http://192.168.96.60:2381/metrics curl: (7) Failed to connect to 192.168.96.60 port 2381: 연결이 거부됨

Etcd 의 경우에는 상태 모니터링을 위한 파라메터 설정을 해줘야 한다. 하지만 kubeadm 으로 K8S 를 설치한 경우에 etcd 는 Master Controll Plane 으로 동작하기 때문에 파라메터 수정을 위해서는 manifest 파일을 수정으로 해야 한다.

]$ vim /etc/kubernetes/manifests/etcd.yaml
    - --listen-client-urls=https://127.0.0.1:2379,https://192.168.96.60:2379
    - --listen-metrics-urls=http://127.0.0.1:2381
    - --listen-peer-urls=https://192.168.96.60:2380

]$ vim /etc/kubernetes/manifests/etcd.yaml

- --listen-client-urls=https://127.0.0.1:2379,https://192.168.96.60:2379

- --listen-metrics-urls=http://127.0.0.1:2381

- --listen-peer-urls=https://192.168.96.60:2380

2381 포트를 보면, 127.0.0.1 만 엔드포인트로 되어 있다. 192.168.96.60 을 추가해 준다. 그러면 정상화 된다.

Controller Manager

Prometheus 에서 Status > Target health 에서 ‘dial tcp 192.168.96.60:10257: connect: connection refused’ 에러 메시지가 나타난다.

Controller Manager 또한 Master Controller Plane 이기 때문에 manifest 파일을 수정해줘야 한다.

]$ vim /etc/kubernetes/manifest/kube-controller-manager.yaml 
    - --authorization-kubeconfig=/etc/kubernetes/controller-manager.conf
    - --bind-address=127.0.0.1
    - --client-ca-file=/etc/kubernetes/pki/ca.crt

]$ vim /etc/kubernetes/manifest/kube-controller-manager.yaml

- --authorization-kubeconfig=/etc/kubernetes/controller-manager.conf

- --bind-address=127.0.0.1

- --client-ca-file=/etc/kubernetes/pki/ca.crt

bind-address 주소가 localhost 로 되어 있기 때문에 refused 된 것으로 보인다. 0.0.0.0 으로 바꾼다.

kube-scheduler

kube-scheduler 도 위에 controller manager 처럼 bind-address 가 localhost 로 되어 있다. 0.0.0.0 으로 바꾼다.

kube-proxy

kube-proxy 는 DaemonSet 오브젝트다. 설정 파일이 있는 것처럼 나오지만 설정파일은 없고, 대신 ConfigMap 으로 존재한다. 이 ConfigMap 에 metricsBindAddress 값이 없다. 이 값을 0.0.0.0 으로 지정해 준다.

]$ kubectl edit cm kube-proxy -n kube-system
   metricsBindAddress: 0.0.0.0

1 2	]$ kubectl edit cm kube-proxy -n kube-system metricsBindAddress: 0.0.0.0

DaemonSet 은 자동으로 재시작되지 않는다. Rollout 업데이트를 해준다.

]$ kubectl rollout restart ds/kube-proxy -n kube-system
daemonset.apps/kube-proxy restarted

1 2	]$ kubectl rollout restart ds/kube-proxy -n kube-system daemonset.apps/kube-proxy restarted

04/03/2025

kube-prometheus-stack 설치

기존에 prometheus 설치를 했었는데, 버전을 올릴겸해서 다시 설치를 했다. 설치는 Helm 을 이용했고, 기존에 설치된 버전을 삭제 처리 했다.

환경

K8S 환경이 매우 중요하다. 필자의 환경은 Handy way 방법으로 설치를 진행한 상황이기 때문에 etcd, apiserver, scheduler 가 OS 데몬으로 운영되고 있다. 따라서 Master, Worker 노드의 IP 를 필요로 한다.

만일 kubeadm 으로 설치했다면 selector 를 이용해서 라벨을 선택해주면 된다.

삭제

Helm 을 이용해서 설치했기 때문에 Helm 으로 삭제를 해야 한다. 여기서 한가지 주의해야 하는 것이 있는데, Helm 으로 삭제를 하여도 CRD(Custom Resource Definition) 은 삭제되지 않기 때문에 수동으로 삭제를 해줘야 한다.

~$ helm delete prometheus -n monitoring
~$ kubectl get crd | grep monitoring
alertmanagerconfigs.monitoring.coreos.com             2025-04-02T09:45:05Z
alertmanagers.monitoring.coreos.com                   2025-04-02T09:45:05Z
podmonitors.monitoring.coreos.com                     2025-04-02T09:45:05Z
probes.monitoring.coreos.com                          2025-04-02T09:45:06Z
prometheusagents.monitoring.coreos.com                2025-04-02T09:45:06Z
prometheuses.monitoring.coreos.com                    2025-04-02T09:45:06Z
prometheusrules.monitoring.coreos.com                 2025-04-02T09:45:07Z
scrapeconfigs.monitoring.coreos.com                   2025-04-02T09:45:07Z
servicemonitors.monitoring.coreos.com                 2025-04-02T09:45:07Z
thanosrulers.monitoring.coreos.com                    2025-04-02T09:45:08Z

~$ helm delete prometheus -n monitoring

~$ kubectl get crd | grep monitoring

alertmanagerconfigs.monitoring.coreos.com 2025-04-02T09:45:05Z

alertmanagers.monitoring.coreos.com 2025-04-02T09:45:05Z

podmonitors.monitoring.coreos.com 2025-04-02T09:45:05Z

probes.monitoring.coreos.com 2025-04-02T09:45:06Z

prometheusagents.monitoring.coreos.com 2025-04-02T09:45:06Z

prometheuses.monitoring.coreos.com 2025-04-02T09:45:06Z

prometheusrules.monitoring.coreos.com 2025-04-02T09:45:07Z

scrapeconfigs.monitoring.coreos.com 2025-04-02T09:45:07Z

servicemonitors.monitoring.coreos.com 2025-04-02T09:45:07Z

thanosrulers.monitoring.coreos.com 2025-04-02T09:45:08Z

남아 있는 crd 가 다를 수가 있지만, 반드시 삭제를 해줘야 문제가 발생하지 않는다. crd 는 다른 프로그램에서도 삭제가 되지 않는 경우가 많다.

Helm repo update

Helm 저장소를 업데이트를 해야 한다.

~$ helm repo list
NAME                    URL                                                
stable                  https://charts.helm.sh/stable                      
prometheus-community    https://prometheus-community.github.io/helm-charts 
ingress-nginx           https://kubernetes.github.io/ingress-nginx         
coredns                 https://coredns.github.io/helm                     
istio                   https://istio-release.storage.googleapis.com/charts
~$ helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "coredns" chart repository
...Successfully got an update from the "ingress-nginx" chart repository
...Successfully got an update from the "istio" chart repository
...Successfully got an update from the "prometheus-community" chart repository
...Successfully got an update from the "stable" chart repository
Update Complete. ⎈Happy Helming!⎈

~$ helm repo list

NAME URL

stable https://charts.helm.sh/stable

prometheus-community https://prometheus-community.github.io/helm-charts

ingress-nginx https://kubernetes.github.io/ingress-nginx

coredns https://coredns.github.io/helm

istio https://istio-release.storage.googleapis.com/charts

~$ helm repo update

Hang tight while we grab the latest from your chart repositories...

...Successfully got an update from the "coredns" chart repository

...Successfully got an update from the "ingress-nginx" chart repository

...Successfully got an update from the "istio" chart repository

...Successfully got an update from the "prometheus-community" chart repository

...Successfully got an update from the "stable" chart repository

Update Complete. ⎈Happy Helming!⎈

Download a chart and untar

Helm Chart 를 다운로드하고 압축해제 한다. 이렇게 함으로써 values.yaml 파일을 수정할 수 있게된다.

~$ helm pull prometheus-community/kube-prometheus-stack --untar

1	~$ helm pull prometheus-community/kube-prometheus-stack --untar

다운로드와 함께 압축을 해제해 준다.

Values.yaml 파일 수정

어떤 내용들을 수정할지는 어떤 것을 모니터링 할지, 어떤 부분이 있는지에 따라서 달라진다. 변경된 내용은 대략 다음과 같다.

--- values.yaml 2025-04-02 16:05:17.534060819 +0000
+++ /home/systemv/kube-prometheus-stack/values.yaml     2025-04-02 16:23:06.908277193 +0000
@@ -1049,7 +1049,8 @@
     ## Define which Nodes the Pods are scheduled on.
     ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
     ##
-    nodeSelector: {}
+    nodeSelector: 
+      system.rule: monitoring

     ## Define resources requests and limits for single Pods.
     ## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
@@ -1775,10 +1776,10 @@
 
   ## If your kube controller manager is not deployed as a pod, specify IPs it can be found on
   ##  
-  endpoints: []
-  # - 10.141.4.22
-  # - 10.141.4.23 
-  # - 10.141.4.24
+  endpoints:
+    - 192.168.96.46
+    - 192.168.96.47
+    - 192.168.96.48

   ## If using kubeControllerManager.endpoints only the port and targetPort are used
   ##
@@ -1888,8 +1889,8 @@
       enabled: false
       ipFamilies: ["IPv6", "IPv4"]
       ipFamilyPolicy: "PreferDualStack"
-    # selector:
-    #   k8s-app: kube-dns
+    selector:
+      k8s-app: coredns
   serviceMonitor: 
     enabled: true
     ## Scrape interval. If not set, the Prometheus default scrape interval is used.
@@ -2062,10 +2063,10 @@

   ## If your etcd is not deployed as a pod, specify IPs it can be found on
   ##
-  endpoints: []
-  # - 10.141.4.22
-  # - 10.141.4.23
-  # - 10.141.4.24
+  endpoints: 
+    - 192.168.96.46
+    - 192.168.96.47
+    - 192.168.96.48

   ## Etcd service. If using kubeEtcd.endpoints only the port and targetPort are used
   ##
@@ -2171,10 +2172,10 @@

   ## If your kube scheduler is not deployed as a pod, specify IPs it can be found on
   ##
-  endpoints: []
-  # - 10.141.4.22
-  # - 10.141.4.23
-  # - 10.141.4.24
+  endpoints:
+    - 192.168.96.46
+    - 192.168.96.47
+    - 192.168.96.48

   ## If using kubeScheduler.endpoints only the port and targetPort are used
   ##
@@ -2277,10 +2278,10 @@

   ## If your kube proxy is not deployed as a pod, specify IPs it can be found on
   ##
-  endpoints: []
-  # - 10.141.4.22
-  # - 10.141.4.23
-  # - 10.141.4.24
+  endpoints: 
+    - 192.168.96.46
+    - 192.168.96.47
+    - 192.168.96.48

   service:
     enabled: true
@@ -2790,7 +2791,8 @@
       ## Define which Nodes the Pods are scheduled on.
       ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
       ##
-      nodeSelector: {}
+      nodeSelector:
+        system.rule: monitoring

       ## Tolerations for use with node taints
       ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
@@ -3145,7 +3147,8 @@
   ## Define which Nodes the Pods are scheduled on.
   ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
   ##
-  nodeSelector: {}
+  nodeSelector: 
+    system.rule: monitoring

   ## Tolerations for use with node taints
   ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
@@ -3997,7 +4000,8 @@
     ## Define which Nodes the Pods are scheduled on.
     ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
     ##
-    nodeSelector: {}
+    nodeSelector:
+      system.rule: monitoring

     ## Secrets is a list of Secrets in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods.
     ## The Secrets are mounted into /etc/prometheus/secrets/. Secrets changes after initial creation of a Prometheus object are not
@@ -5180,7 +5184,8 @@
     ## Define which Nodes the Pods are scheduled on.
     ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
     ##
-    nodeSelector: {}
+    nodeSelector: 
+      system.rule: monitoring

     ## Define resources requests and limits for single Pods.
     ## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

--- values.yaml 2025-04-02 16:05:17.534060819 +0000

+++ /home/systemv/kube-prometheus-stack/values.yaml 2025-04-02 16:23:06.908277193 +0000

@@ -1049,7 +1049,8 @@

## Define which Nodes the Pods are scheduled on.

## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector

- nodeSelector: {}

+ nodeSelector:

+ system.rule: monitoring

## Define resources requests and limits for single Pods.

## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/

@@ -1775,10 +1776,10 @@

## If your kube controller manager is not deployed as a pod, specify IPs it can be found on

- endpoints: []

- # - 10.141.4.22

- # - 10.141.4.23

- # - 10.141.4.24

+ endpoints:

+ - 192.168.96.46

+ - 192.168.96.47

+ - 192.168.96.48

## If using kubeControllerManager.endpoints only the port and targetPort are used

@@ -1888,8 +1889,8 @@

enabled: false

ipFamilies: ["IPv6", "IPv4"]

ipFamilyPolicy: "PreferDualStack"

- # selector:

- # k8s-app: kube-dns

+ selector:

+ k8s-app: coredns

serviceMonitor:

enabled: true

## Scrape interval. If not set, the Prometheus default scrape interval is used.

@@ -2062,10 +2063,10 @@

## If your etcd is not deployed as a pod, specify IPs it can be found on

- endpoints: []

- # - 10.141.4.22

- # - 10.141.4.23

- # - 10.141.4.24

+ endpoints:

+ - 192.168.96.46

+ - 192.168.96.47

+ - 192.168.96.48

## Etcd service. If using kubeEtcd.endpoints only the port and targetPort are used

@@ -2171,10 +2172,10 @@

## If your kube scheduler is not deployed as a pod, specify IPs it can be found on

- endpoints: []

- # - 10.141.4.22

- # - 10.141.4.23

- # - 10.141.4.24

+ endpoints:

+ - 192.168.96.46

+ - 192.168.96.47

+ - 192.168.96.48

## If using kubeScheduler.endpoints only the port and targetPort are used

@@ -2277,10 +2278,10 @@

## If your kube proxy is not deployed as a pod, specify IPs it can be found on

- endpoints: []

- # - 10.141.4.22

- # - 10.141.4.23

- # - 10.141.4.24

+ endpoints:

+ - 192.168.96.46

+ - 192.168.96.47

+ - 192.168.96.48

service:

enabled: true

@@ -2790,7 +2791,8 @@

## Define which Nodes the Pods are scheduled on.

## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector

- nodeSelector: {}

+ nodeSelector:

+ system.rule: monitoring

## Tolerations for use with node taints

## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/

@@ -3145,7 +3147,8 @@

## Define which Nodes the Pods are scheduled on.

## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector

- nodeSelector: {}

+ nodeSelector:

+ system.rule: monitoring

## Tolerations for use with node taints

## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/

@@ -3997,7 +4000,8 @@

## Define which Nodes the Pods are scheduled on.

## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector

- nodeSelector: {}

+ nodeSelector:

+ system.rule: monitoring

## Secrets is a list of Secrets in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods.

## The Secrets are mounted into /etc/prometheus/secrets/. Secrets changes after initial creation of a Prometheus object are not

@@ -5180,7 +5184,8 @@

## Define which Nodes the Pods are scheduled on.

## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector

- nodeSelector: {}

+ nodeSelector:

+ system.rule: monitoring

## Define resources requests and limits for single Pods.

## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/

nodeSelector 에 system.rule: monitoring 이 보이는데, 이는 Worker 노드에 라벨을 말한다. 선택된 라벨을 가지고 있는 Worker 노드에 Prometheus 가 설치된다. 단, 이것도 상황에 따라서 달라지는데 Node exporter 의 경우에는 각 노드에 설치가 되어야 하기 때문에 라벨을 설정하지 않는다.

Node 라벨 생성

system.rule: monitoring 이라는 라벨을 생성해야 한다.

$ kubectl get node --show-labels
NAME                     STATUS   ROLES    AGE   VERSION   LABELS
kworker1.systemv.local   Ready    <none>   97d   v1.20.6   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=kworker1.systemv.local,kubernetes.io/os=linux
kworker2.systemv.local   Ready    <none>   97d   v1.20.6   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=kworker2.systemv.local,kubernetes.io/os=linux
kworker3.systemv.local   Ready    <none>   97d   v1.20.6   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=kworker3.systemv.local,kubernetes.io/os=linux
$ kubectl label nodes kworker3.systemv.local system.rule=monitoring
node/kworker3.systemv.local labeled

$ kubectl get node --show-labels

NAME STATUS ROLES AGE VERSION LABELS

kworker1.systemv.local Ready <none> 97d v1.20.6 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=kworker1.systemv.local,kubernetes.io/os=linux

kworker2.systemv.local Ready <none> 97d v1.20.6 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=kworker2.systemv.local,kubernetes.io/os=linux

kworker3.systemv.local Ready <none> 97d v1.20.6 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=kworker3.systemv.local,kubernetes.io/os=linux

$ kubectl label nodes kworker3.systemv.local system.rule=monitoring

node/kworker3.systemv.local labeled

이렇게 하면 kworker3 에 prometheus 가 설치된다.

Dependency Update

Helm 을 이용해서 설치해야 한다. 그전에 kube-prometheus-stack 에 의존성이 있는 패키지를 업데이트 해줘야 한다.

~$ helm dependency update

1	~$ helm dependency update

설치

Helm 을 이용해 수정한 values.yaml 을 가지고 설치를 한다.

systemv@kmaster1:~/kube-prometheus-stack$ helm install -f values.yaml prometheus --namespace=monitoring .
systemv@kmaster1:~/kube-prometheus-stack$ helm list -A
NAME            NAMESPACE       REVISION        UPDATED                                 STATUS          CHART                           APP VERSION
coredns         kube-system     1               2025-04-01 15:27:24.120344029 +0000 UTC deployed        coredns-1.39.2                  1.12.0     
prometheus      monitoring      1               2025-04-02 09:45:15.385967452 +0000 UTC deployed        kube-prometheus-stack-70.4.0    v0.81.0

systemv@kmaster1:~/kube-prometheus-stack$ helm install -f values.yaml prometheus --namespace=monitoring .

systemv@kmaster1:~/kube-prometheus-stack$ helm list -A

NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION

coredns kube-system 1 2025-04-01 15:27:24.120344029 +0000 UTC deployed coredns-1.39.2 1.12.0

prometheus monitoring 1 2025-04-02 09:45:15.385967452 +0000 UTC deployed kube-prometheus-stack-70.4.0 v0.81.0

설치가 완료 되면 Pod, Service 에 Prometheus 가 올라오게 된다.

02/12/2022

Calico Metrics 모니터링 하기

Calico 는 쿠버네티스(Kubernetes) 의 CNI 다. 쉽게 말해서 쿠버네티스의 네트워킹을 가능하게 해준다. 설치도 쉽게 할수 있는데, 프로메테우스에서 Calico 모니터링을 하기 위해서는 추가적인 작업이 필요한데 여기에 대해서 알아본다.

calicoctl

calicoctl 을 설치해야 한다. 이 파일은 바이너리이며 wget, curl 명령어를 이용해서 설치가 가능하다. 설치를 한 후에 이것을 사용하기 위해서는 다음과 같이 환경변수를 설정해 준다.

$ export DATASTORE_TYPE=kubernetes
$ export KUBECONFIG=~/.kube/config
$ calicoctl get nodes
NAME                     
kworker1.systemv.local   
kworker2.systemv.local   
kworker3.systemv.local
$ calicoctl get workloadendpoints
WORKLOAD                                 NODE                     NETWORKS          INTERFACE         
dnsutils                                 kworker2.systemv.local   10.31.168.71/32   calib3c61c3cba9   
springboot-deployment-77db875f78-9fshx   kworker3.systemv.local   10.31.4.57/32     cali11c98587cc4   
springboot-deployment-77db875f78-km8rd   kworker1.systemv.local   10.31.20.48/32    cali712f16523f2   
springboot-deployment-77db875f78-nj7t7   kworker1.systemv.local   10.31.20.57/32    calibcff04191b7
$ calicoctl get ippools
NAME                  CIDR           SELECTOR   
default-ipv4-ippool   10.31.0.0/16   all()

$ export DATASTORE_TYPE=kubernetes

$ export KUBECONFIG=~/.kube/config

$ calicoctl get nodes

NAME

kworker1.systemv.local

kworker2.systemv.local

kworker3.systemv.local

$ calicoctl get workloadendpoints

WORKLOAD NODE NETWORKS INTERFACE

dnsutils kworker2.systemv.local 10.31.168.71/32 calib3c61c3cba9

springboot-deployment-77db875f78-9fshx kworker3.systemv.local 10.31.4.57/32 cali11c98587cc4

springboot-deployment-77db875f78-km8rd kworker1.systemv.local 10.31.20.48/32 cali712f16523f2

springboot-deployment-77db875f78-nj7t7 kworker1.systemv.local 10.31.20.57/32 calibcff04191b7

$ calicoctl get ippools

NAME CIDR SELECTOR

default-ipv4-ippool 10.31.0.0/16 all()

calicoctl 명령어는 다양한 질의를 할 수 있다.

Calico CRD

Calico 설치를 메니페스트로 설치를 하게 되면 CRD 가 생성되면서 CRD 에 정의된 오브젝트가 함께 생성된다.

$ kubectl get crd | grep calico
bgpconfigurations.crd.projectcalico.org               2021-04-18T17:42:07Z
bgppeers.crd.projectcalico.org                        2021-04-18T17:42:07Z
blockaffinities.crd.projectcalico.org                 2021-04-18T17:42:08Z
caliconodestatuses.crd.projectcalico.org              2022-01-28T16:00:01Z
clusterinformations.crd.projectcalico.org             2021-04-18T17:42:08Z
felixconfigurations.crd.projectcalico.org             2021-04-18T17:42:08Z
globalnetworkpolicies.crd.projectcalico.org           2021-04-18T17:42:08Z
globalnetworksets.crd.projectcalico.org               2021-04-18T17:42:08Z
hostendpoints.crd.projectcalico.org                   2021-04-18T17:42:08Z
ipamblocks.crd.projectcalico.org                      2021-04-18T17:42:09Z
ipamconfigs.crd.projectcalico.org                     2021-04-18T17:42:09Z
ipamhandles.crd.projectcalico.org                     2021-04-18T17:42:09Z
ippools.crd.projectcalico.org                         2021-04-18T17:42:09Z
ipreservations.crd.projectcalico.org                  2022-01-28T16:00:02Z
kubecontrollersconfigurations.crd.projectcalico.org   2021-04-18T17:42:09Z
networkpolicies.crd.projectcalico.org                 2021-04-18T17:42:09Z
networksets.crd.projectcalico.org                     2021-04-18T17:42:10Z

$ kubectl get crd | grep calico

bgpconfigurations.crd.projectcalico.org 2021-04-18T17:42:07Z

bgppeers.crd.projectcalico.org 2021-04-18T17:42:07Z

blockaffinities.crd.projectcalico.org 2021-04-18T17:42:08Z

caliconodestatuses.crd.projectcalico.org 2022-01-28T16:00:01Z

clusterinformations.crd.projectcalico.org 2021-04-18T17:42:08Z

felixconfigurations.crd.projectcalico.org 2021-04-18T17:42:08Z

globalnetworkpolicies.crd.projectcalico.org 2021-04-18T17:42:08Z

globalnetworksets.crd.projectcalico.org 2021-04-18T17:42:08Z

hostendpoints.crd.projectcalico.org 2021-04-18T17:42:08Z

ipamblocks.crd.projectcalico.org 2021-04-18T17:42:09Z

ipamconfigs.crd.projectcalico.org 2021-04-18T17:42:09Z

ipamhandles.crd.projectcalico.org 2021-04-18T17:42:09Z

ippools.crd.projectcalico.org 2021-04-18T17:42:09Z

ipreservations.crd.projectcalico.org 2022-01-28T16:00:02Z

kubecontrollersconfigurations.crd.projectcalico.org 2021-04-18T17:42:09Z

networkpolicies.crd.projectcalico.org 2021-04-18T17:42:09Z

networksets.crd.projectcalico.org 2021-04-18T17:42:10Z

이것을 언급하는 이유는 Calico 홈페이지에 보면 이에 대한 언급이 많이 되어 있지 않은채, API 를 언급하고 있다. 만일 API 조회를 해봤는데 없다면 CRD 를 살펴보고 찾으면 된다.

Monitor Calico component metrics

Felix configuration

이제 Calico 의 컴포넌트 메트릭을 활성화 해보자. 이를 위해서는 felixconfigurations 의 설정을 먼저 바꿔야 한다. 이를 위해서 calicoctl 명령어를 활용한다.

$ kubectl get felixconfigurations -o yaml
apiVersion: v1
items:
- apiVersion: crd.projectcalico.org/v1
  kind: FelixConfiguration
  metadata:
    annotations:
      projectcalico.org/metadata: '{"uid":"92e205c7-7ba5-48f2-997d-e6c50b9893df","creationTimestamp":"2021-04-18T17:42:57Z"}'
    creationTimestamp: "2021-04-18T17:42:57Z"
    generation: 2
    name: default
    resourceVersion: "35474"
    uid: 92e205c7-7ba5-48f2-997d-e6c50b9893df
  spec:
    bpfLogLevel: ""
    ipipEnabled: true
    logSeverityScreen: Info
    reportingInterval: 0s
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""
$ calicoctl patch felixConfiguration default  --patch '{"spec":{"prometheusMetricsEnabled": true}}'
Successfully patched 1 'FelixConfiguration' resource
$ kubectl get felixconfigurations -o yaml
apiVersion: v1
items:
- apiVersion: crd.projectcalico.org/v1
  kind: FelixConfiguration
  metadata:
    annotations:
      projectcalico.org/metadata: '{"uid":"92e205c7-7ba5-48f2-997d-e6c50b9893df","creationTimestamp":"2021-04-18T17:42:57Z"}'
    creationTimestamp: "2021-04-18T17:42:57Z"
    generation: 3
    name: default
    resourceVersion: "1015953"
    uid: 92e205c7-7ba5-48f2-997d-e6c50b9893df
  spec:
    bpfLogLevel: ""
    ipipEnabled: true
    logSeverityScreen: Info
    prometheusMetricsEnabled: true
    reportingInterval: 0s
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""

$ kubectl get felixconfigurations -o yaml

apiVersion: v1

items:

- apiVersion: crd.projectcalico.org/v1

kind: FelixConfiguration

metadata:

annotations:

projectcalico.org/metadata: '{"uid":"92e205c7-7ba5-48f2-997d-e6c50b9893df","creationTimestamp":"2021-04-18T17:42:57Z"}'

creationTimestamp: "2021-04-18T17:42:57Z"

generation: 2

resourceVersion: "35474"

uid: 92e205c7-7ba5-48f2-997d-e6c50b9893df

spec:

bpfLogLevel: ""

ipipEnabled: true

logSeverityScreen: Info

reportingInterval: 0s

kind: List

metadata:

resourceVersion: ""

selfLink: ""

$ calicoctl patch felixConfiguration default --patch '{"spec":{"prometheusMetricsEnabled": true}}'

Successfully patched 1 'FelixConfiguration' resource

$ kubectl get felixconfigurations -o yaml

apiVersion: v1

items:

- apiVersion: crd.projectcalico.org/v1

kind: FelixConfiguration

metadata:

annotations:

projectcalico.org/metadata: '{"uid":"92e205c7-7ba5-48f2-997d-e6c50b9893df","creationTimestamp":"2021-04-18T17:42:57Z"}'

creationTimestamp: "2021-04-18T17:42:57Z"

generation: 3

resourceVersion: "1015953"

uid: 92e205c7-7ba5-48f2-997d-e6c50b9893df

spec:

bpfLogLevel: ""

ipipEnabled: true

logSeverityScreen: Info

prometheusMetricsEnabled: true

reportingInterval: 0s

kind: List

metadata:

resourceVersion: ""

selfLink: ""

Creating a service to expose Felix metrics

이제 프로메테우스에서 메트릭 수집을 위한 서비스를 다음과 같이 만든다.

$ kubectl apply -f - <<EOF
apiVersion: v1
kind: Service
metadata:
  name: calico-felix-metrics-svc
  namespace: kube-system
  labels:
    app.kubernetes.io/instance: calico
    app.kubernetes.io/name: felix
    k8s-app: felix-metrics
spec:
  selector:
    k8s-app: calico-node
  ports:
  - name: metrics
    port: 9091
    protocol: TCP
    targetPort: 9091
EOF
service/felix-metrics-svc created

$ kubectl apply -f - <<EOF

apiVersion: v1

kind: Service

metadata:

namespace: kube-system

labels:

app.kubernetes.io/instance: calico

app.kubernetes.io/name: felix

k8s-app: felix-metrics

spec:

selector:

k8s-app: calico-node

ports:

- name: metrics

port: 9091

protocol: TCP

targetPort: 9091

EOF

service/felix-metrics-svc created

Felix 는 쿠버네티스 WorkerNode 에서 실행되는 CNI 를 말한다. 셀렉터를 보면 k8s-app: calico-node 를 설정하고 있는데, Calico Node 의 Pods 를 지정한 것이다.

또, 나중에 ServiceMonitor 설정을 위해서 Labels 를 잘 설정해줘야 한다.

Typha 설정은 하지 않는다. 50개 노드 이하로 설치를 했기 때문에 Typha 가 없다.

Confirm prometheus metrics port

쿠버네티스는 컨트롤 설정을 하나로 모아 놨다. 이 설정을 보면 여러가지 오브젝트에 대한 내용도 나오는데, 이 오브젝트에 대한 프로메테우스 엔드포인트는 9094로 정의 되어 있다. 이 포트를 이용하면 모든 메트릭의 엔드포이트를 가지고 올 수 있다.

$ kubectl get kubecontrollersconfiguration -o yaml
apiVersion: v1
items:
- apiVersion: crd.projectcalico.org/v1
  kind: KubeControllersConfiguration
  metadata:
    annotations:
      projectcalico.org/metadata: '{"uid":"d2a63152-c0ba-407c-9d2e-8be8d559d941","creationTimestamp":"2021-04-18T17:43:07Z"}'
    creationTimestamp: "2021-04-18T17:43:07Z"
    generation: 4
    name: default
    resourceVersion: "797517"
    uid: d2a63152-c0ba-407c-9d2e-8be8d559d941
  spec:
    controllers:
      namespace:
        reconcilerPeriod: 5m0s
      node:
        leakGracePeriod: 15m0s
        reconcilerPeriod: 5m0s
        syncLabels: Enabled
      policy:
        reconcilerPeriod: 5m0s
      serviceAccount:
        reconcilerPeriod: 5m0s
      workloadEndpoint:
        reconcilerPeriod: 5m0s
    etcdV3CompactionPeriod: 10m0s
    healthChecks: Enabled
    logSeverityScreen: Info
    prometheusMetricsPort: 9094
  status:
    environmentVars:
      DATASTORE_TYPE: kubernetes
      ENABLED_CONTROLLERS: node
    runningConfig:
      controllers:
        node:
          hostEndpoint:
            autoCreate: Disabled
          leakGracePeriod: 15m0s
          syncLabels: Disabled
      etcdV3CompactionPeriod: 10m0s
      healthChecks: Enabled
      logSeverityScreen: Info
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""

$ kubectl get kubecontrollersconfiguration -o yaml

apiVersion: v1

items:

- apiVersion: crd.projectcalico.org/v1

kind: KubeControllersConfiguration

metadata:

annotations:

projectcalico.org/metadata: '{"uid":"d2a63152-c0ba-407c-9d2e-8be8d559d941","creationTimestamp":"2021-04-18T17:43:07Z"}'

creationTimestamp: "2021-04-18T17:43:07Z"

generation: 4

resourceVersion: "797517"

uid: d2a63152-c0ba-407c-9d2e-8be8d559d941

spec:

controllers:

namespace:

reconcilerPeriod: 5m0s

node:

leakGracePeriod: 15m0s

reconcilerPeriod: 5m0s

syncLabels: Enabled

policy:

reconcilerPeriod: 5m0s

serviceAccount:

reconcilerPeriod: 5m0s

workloadEndpoint:

reconcilerPeriod: 5m0s

etcdV3CompactionPeriod: 10m0s

healthChecks: Enabled

logSeverityScreen: Info

prometheusMetricsPort: 9094

status:

environmentVars:

DATASTORE_TYPE: kubernetes

ENABLED_CONTROLLERS: node

runningConfig:

controllers:

node:

hostEndpoint:

autoCreate: Disabled

leakGracePeriod: 15m0s

syncLabels: Disabled

etcdV3CompactionPeriod: 10m0s

healthChecks: Enabled

logSeverityScreen: Info

kind: List

metadata:

resourceVersion: ""

selfLink: ""

Creating a service to expose kube-controllers metrics

앞에 Felix 는 Node 의 CNI 라고 한다면 이를 제어하는 것이 컨트롤러이다. 이를 위한 서비스를 다음과 같이 생성해 준다.

$ kubectl apply -f - <<EOF
apiVersion: v1
kind: Service
metadata:
  name: calico-kube-controllers-metrics-svc
  namespace: kube-system
  labels:
    app.kubernetes.io/instance: calico
    app.kubernetes.io/name: calico-kube-controllers-metrics-svc
    k8s-app: calico-kube-controllers-metrics-metrics
spec:
  selector:
    k8s-app: calico-kube-controllers
  ports:
  - name: metrics
    port: 9094
    protocol: TCP
    targetPort: 9094
EOF

$ kubectl apply -f - <<EOF

apiVersion: v1

kind: Service

metadata:

namespace: kube-system

labels:

app.kubernetes.io/instance: calico

app.kubernetes.io/name: calico-kube-controllers-metrics-svc

k8s-app: calico-kube-controllers-metrics-metrics

spec:

selector:

k8s-app: calico-kube-controllers

ports:

- name: metrics

port: 9094

protocol: TCP

targetPort: 9094

EOF

Calico-kube-controllers 의 Pods 를 찾기 위해서 셀렉터 k8s-app: calico-kube-controllers 지정해 준다. 그리고 ServiceMonitor 에서 찾을 수 있도록 Labels 를 설정해 줬다.

Prometheus ServiceMonitor 생성

나는 프로메테우스를 Operator 로 설치했다. Prometheus-Operator 설치를 할 경우에 메트릭 수집은 ServiceMonitor 를 통해서 이루어진다. 이 ServiceMonitor 는 Prometheus 의 설정을 함께 적용하면서 동작한다. Prometheus 의 Scape 을 ServiceMonitor 가 대신하는 것이라고 생각하면 쉽다.

Felix 를 위한 ServiceMonitor

Felix 를 위한 ServiceMonitor 는 다음과 같다.

apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  labels:
    serviceapp: calico-felix-servicemonitor
    release: prometheus
  name: prometheus-kube-prometheus-calico-felix
  namespace: monitoring
spec:
  namespaceSelector:
    matchNames:
    - kube-system
  selector:
    matchLabels:
      app.kubernetes.io/instance: calico
      app.kubernetes.io/name: felix
      k8s-app: felix-metrics
  jobLabel: felix_metrics
  endpoints:
  - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
    interval: 15s
    port: metrics
    relabelings:
    - sourceLabels: [__meta_kubernetes_service_name]
      regex: calico-felix-metrics-svc
      action: keep
      replacement: $1

apiVersion: monitoring.coreos.com/v1

kind: ServiceMonitor

metadata:

labels:

serviceapp: calico-felix-servicemonitor

release: prometheus

namespace: monitoring

spec:

namespaceSelector:

matchNames:

- kube-system

selector:

matchLabels:

app.kubernetes.io/instance: calico

app.kubernetes.io/name: felix

k8s-app: felix-metrics

jobLabel: felix_metrics

endpoints:

- bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token

interval: 15s

port: metrics

relabelings:

- sourceLabels: [__meta_kubernetes_service_name]

regex: calico-felix-metrics-svc

action: keep

replacement: $1

셀렉터를 이용해서 Service 의 Felix 를 지정해줬고, 스크랩에서도 Felix 를 인식하도록 서비스 이름을 지정해 줬다.

Calico Kube Controller ServiceMonitor

Calico kube controller 를 위한 ServiceMonitor 는 다음과 같다.

apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  labels:
    serviceapp: calico-kube-controller-servicemonitor
    release: prometheus
  name: prometheus-kube-prometheus-calico-controller
  namespace: monitoring
spec:
  namespaceSelector:
    matchNames:
    - kube-system
  selector:
    matchLabels:
      app.kubernetes.io/instance: calico
      app.kubernetes.io/name: calico-kube-controllers-metrics-svc
      k8s-app: calico-kube-controllers-metrics-metrics
  jobLabel: calico_kube_controller_metrics
  endpoints:
  - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
    interval: 15s
    port: metrics
    relabelings:
    - sourceLabels: [__meta_kubernetes_service_name]
      regex: calico-kube-controllers-metrics-svc
      action: keep
      replacement: $1

apiVersion: monitoring.coreos.com/v1

kind: ServiceMonitor

metadata:

labels:

serviceapp: calico-kube-controller-servicemonitor

release: prometheus

namespace: monitoring

spec:

namespaceSelector:

matchNames:

- kube-system

selector:

matchLabels:

app.kubernetes.io/instance: calico

app.kubernetes.io/name: calico-kube-controllers-metrics-svc

k8s-app: calico-kube-controllers-metrics-metrics

jobLabel: calico_kube_controller_metrics

endpoints:

- bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token

interval: 15s

port: metrics

relabelings:

- sourceLabels: [__meta_kubernetes_service_name]

regex: calico-kube-controllers-metrics-svc

action: keep

replacement: $1

위와같이 한 후에 프로메테우스를 살펴보면 다음과 같이 나온다.

2025 4월
일	월	화	수	목	금	토
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30