이 콘텐츠는 선택한 언어로 제공되지 않습니다.

Chapter 12. Accessing monitoring APIs by using the CLI


In OpenShift Container Platform 4.15, you can access web service APIs for some monitoring components from the command line interface (CLI).

Important

In certain situations, accessing API endpoints can degrade the performance and scalability of your cluster, especially if you use endpoints to retrieve, send, or query large amounts of metrics data.

To avoid these issues, follow these recommendations:

  • Avoid querying endpoints frequently. Limit queries to a maximum of one every 30 seconds.
  • Do not try to retrieve all metrics data via the /federate endpoint for Prometheus. Query it only when you want to retrieve a limited, aggregated data set. For example, retrieving fewer than 1,000 samples for each request helps minimize the risk of performance degradation.

12.1. About accessing monitoring web service APIs

You can directly access web service API endpoints from the command line for the following monitoring stack components:

  • Prometheus
  • Alertmanager
  • Thanos Ruler
  • Thanos Querier
Note

To access Thanos Ruler and Thanos Querier service APIs, the requesting account must have get permission on the namespaces resource, which can be granted by binding the cluster-monitoring-view cluster role to the account.

When you access web service API endpoints for monitoring components, be aware of the following limitations:

  • You can only use bearer token authentication to access API endpoints.
  • You can only access endpoints in the /api path for a route. If you try to access an API endpoint in a web browser, an Application is not available error occurs. To access monitoring features in a web browser, use the OpenShift Container Platform web console to review monitoring dashboards.

Additional resources

12.2. Accessing a monitoring web service API

The following example shows how to query the service API receivers for the Alertmanager service used in core platform monitoring. You can use a similar method to access the prometheus-k8s service for core platform Prometheus and the thanos-ruler service for Thanos Ruler.

Prerequisites

  • You are logged in to an account that is bound against the monitoring-alertmanager-edit role in the openshift-monitoring namespace.
  • You are logged in to an account that has permission to get the Alertmanager API route.

    Note

    If your account does not have permission to get the Alertmanager API route, a cluster administrator can provide the URL for the route.

Procedure

  1. Extract an authentication token by running the following command:

    $ TOKEN=$(oc whoami -t)
  2. Extract the alertmanager-main API route URL by running the following command:

    $ HOST=$(oc -n openshift-monitoring get route alertmanager-main -ojsonpath={.status.ingress[].host})
  3. Query the service API receivers for Alertmanager by running the following command:

    $ curl -H "Authorization: Bearer $TOKEN" -k "https://$HOST/api/v2/receivers"

12.3. Querying metrics by using the federation endpoint for Prometheus

You can use the federation endpoint for Prometheus to scrape platform and user-defined metrics from a network location outside the cluster. To do so, access the Prometheus /federate endpoint for the cluster via an OpenShift Container Platform route.

Important

A delay in retrieving metrics data occurs when you use federation. This delay can affect the accuracy and timeliness of the scraped metrics.

Using the federation endpoint can also degrade the performance and scalability of your cluster, especially if you use the federation endpoint to retrieve large amounts of metrics data. To avoid these issues, follow these recommendations:

  • Do not try to retrieve all metrics data via the federation endpoint for Prometheus. Query it only when you want to retrieve a limited, aggregated data set. For example, retrieving fewer than 1,000 samples for each request helps minimize the risk of performance degradation.
  • Avoid frequent querying of the federation endpoint for Prometheus. Limit queries to a maximum of one every 30 seconds.

If you need to forward large amounts of data outside the cluster, use remote write instead. For more information, see the Configuring remote write storage section.

Prerequisites

  • You have installed the OpenShift CLI (oc).
  • You have access to the cluster as a user with the cluster-monitoring-view cluster role or have obtained a bearer token with get permission on the namespaces resource.

    Note

    You can only use bearer token authentication to access the Prometheus federation endpoint.

  • You are logged in to an account that has permission to get the Prometheus federation route.

    Note

    If your account does not have permission to get the Prometheus federation route, a cluster administrator can provide the URL for the route.

Procedure

  1. Retrieve the bearer token by running the following the command:

    $ TOKEN=$(oc whoami -t)
  2. Get the Prometheus federation route URL by running the following command:

    $ HOST=$(oc -n openshift-monitoring get route prometheus-k8s-federate -ojsonpath={.status.ingress[].host})
  3. Query metrics from the /federate route. The following example command queries up metrics:

    $ curl -G -k -H "Authorization: Bearer $TOKEN" https://$HOST/federate --data-urlencode 'match[]=up'

    Example output

    # TYPE up untyped
    up{apiserver="kube-apiserver",endpoint="https",instance="10.0.143.148:6443",job="apiserver",namespace="default",service="kubernetes",prometheus="openshift-monitoring/k8s",prometheus_replica="prometheus-k8s-0"} 1 1657035322214
    up{apiserver="kube-apiserver",endpoint="https",instance="10.0.148.166:6443",job="apiserver",namespace="default",service="kubernetes",prometheus="openshift-monitoring/k8s",prometheus_replica="prometheus-k8s-0"} 1 1657035338597
    up{apiserver="kube-apiserver",endpoint="https",instance="10.0.173.16:6443",job="apiserver",namespace="default",service="kubernetes",prometheus="openshift-monitoring/k8s",prometheus_replica="prometheus-k8s-0"} 1 1657035343834
    ...

12.4. Accessing metrics from outside the cluster for custom applications

You can query Prometheus metrics from outside the cluster when monitoring your own services with user-defined projects. Access this data from outside the cluster by using the thanos-querier route.

This access only supports using a bearer token for authentication.

Prerequisites

  • You have deployed your own service, following the "Enabling monitoring for user-defined projects" procedure.
  • You are logged in to an account with the cluster-monitoring-view cluster role, which provides permission to access the Thanos Querier API.
  • You are logged in to an account that has permission to get the Thanos Querier API route.

    Note

    If your account does not have permission to get the Thanos Querier API route, a cluster administrator can provide the URL for the route.

Procedure

  1. Extract an authentication token to connect to Prometheus by running the following command:

    $ TOKEN=$(oc whoami -t)
  2. Extract the thanos-querier API route URL by running the following command:

    $ HOST=$(oc -n openshift-monitoring get route thanos-querier -ojsonpath={.status.ingress[].host})
  3. Set the namespace to the namespace in which your service is running by using the following command:

    $ NAMESPACE=ns1
  4. Query the metrics of your own services in the command line by running the following command:

    $ curl -H "Authorization: Bearer $TOKEN" -k "https://$HOST/api/v1/query?" --data-urlencode "query=up{namespace='$NAMESPACE'}"

    The output shows the status for each application pod that Prometheus is scraping:

    The formatted example output

    {
      "status": "success",
      "data": {
        "resultType": "vector",
        "result": [
          {
            "metric": {
              "__name__": "up",
              "endpoint": "web",
              "instance": "10.129.0.46:8080",
              "job": "prometheus-example-app",
              "namespace": "ns1",
              "pod": "prometheus-example-app-68d47c4fb6-jztp2",
              "service": "prometheus-example-app"
            },
            "value": [
              1591881154.748,
              "1"
            ]
          }
        ],
      }
    }

    Note
    • The formatted example output uses a filtering tool, such as jq, to provide the formatted indented JSON. See the jq Manual (jq documentation) for more information about using jq.
    • The command requests an instant query endpoint of the Thanos Querier service, which evaluates selectors at one point in time.

12.5. Additional resources

Red Hat logoGithubRedditYoutubeTwitter

자세한 정보

평가판, 구매 및 판매

커뮤니티

Red Hat 문서 정보

Red Hat을 사용하는 고객은 신뢰할 수 있는 콘텐츠가 포함된 제품과 서비스를 통해 혁신하고 목표를 달성할 수 있습니다.

보다 포괄적 수용을 위한 오픈 소스 용어 교체

Red Hat은 코드, 문서, 웹 속성에서 문제가 있는 언어를 교체하기 위해 최선을 다하고 있습니다. 자세한 내용은 다음을 참조하세요.Red Hat 블로그.

Red Hat 소개

Red Hat은 기업이 핵심 데이터 센터에서 네트워크 에지에 이르기까지 플랫폼과 환경 전반에서 더 쉽게 작업할 수 있도록 강화된 솔루션을 제공합니다.

© 2024 Red Hat, Inc.