第 8 章 公开用于自动扩展的自定义应用程序指标
您可以为 Pod 横向自动扩展导出自定义应用程序指标。
重要
Prometheus Adapter 只是技术预览功能。技术预览功能不被红帽产品服务等级协议 (SLA) 支持,且可能在功能方面有缺陷。红帽不推荐在生产环境中使用它们。这些技术预览功能可以使用户提早试用新的功能,并有机会在开发阶段提供反馈意见。
有关红帽技术预览功能支持范围的详情,请参阅 https://access.redhat.com/support/offerings/techpreview/。
8.1. 公开用于 Pod 横向自动扩展的自定义应用程序指标
您可以使用 prometheus-adapter 资源,为 Pod 横向自动扩展显示自定义应用程序指标。
先决条件
-
您有一个自定义 Prometheus 实例,作为由部署或
StatefulSet对象管理的 Prometheus pod 安装,而不是由 Prometheus 自定义资源(CR)管理。 您已在用户定义的
custom-prometheus项目中安装了自定义 Prometheus 实例。重要如果启用了自定义 Prometheus 实例,并通过 Operator Lifecycle Manager (OLM)安装的 Prometheus Operator 与用户定义的监控不兼容。因此,OpenShift Container Platform 不支持作为由 OLM Prometheus Operator 管理的 Prometheus 自定义资源(CR)安装的自定义 Prometheus 实例。
-
您已在用户定义的项目中部署了应用程序和服务。本例假定应用程序及其服务监控器已安装到用户定义的
custom-prometheus项目。 -
已安装 OpenShift CLI(
oc)。
流程
-
为您的配置创建一个 YAML 文件。在本例中,该文件名为
deploy.yaml。 添加相应的配置详情,以便为
prometheus-adapter创建服务帐户、角色和角色绑定:kind: ServiceAccount apiVersion: v1 metadata: name: custom-metrics-apiserver namespace: custom-prometheus --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: custom-metrics-server-resources rules: - apiGroups: - custom.metrics.k8s.io resources: ["*"] verbs: ["*"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: custom-metrics-resource-reader rules: - apiGroups: - "" resources: - namespaces - pods - services verbs: - get - list --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: custom-metrics:system:auth-delegator roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: system:auth-delegator subjects: - kind: ServiceAccount name: custom-metrics-apiserver namespace: custom-prometheus --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: custom-metrics-auth-reader namespace: kube-system roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: extension-apiserver-authentication-reader subjects: - kind: ServiceAccount name: custom-metrics-apiserver namespace: custom-prometheus --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: custom-metrics-resource-reader roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: custom-metrics-resource-reader subjects: - kind: ServiceAccount name: custom-metrics-apiserver namespace: custom-prometheus --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: hpa-controller-custom-metrics roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: custom-metrics-server-resources subjects: - kind: ServiceAccount name: horizontal-pod-autoscaler namespace: kube-system ---
添加
prometheus-adapter的自定义指标的配置详情:apiVersion: v1 kind: ConfigMap metadata: name: adapter-config namespace: custom-prometheus data: config.yaml: | rules: - seriesQuery: 'http_requests_total{namespace!="",pod!=""}' 1 resources: overrides: namespace: {resource: "namespace"} pod: {resource: "pod"} service: {resource: "service"} name: matches: "^(.*)_total" as: "${1}_per_second" 2 metricsQuery: 'sum(rate(<<.Series>>{<<.LabelMatchers>>}[2m])) by (<<.GroupBy>>)' ---添加将
prometheus-adapter注册为 API 服务的配置详情:apiVersion: v1 kind: Service metadata: annotations: service.beta.openshift.io/serving-cert-secret-name: prometheus-adapter-tls labels: name: prometheus-adapter name: prometheus-adapter namespace: custom-prometheus spec: ports: - name: https port: 443 targetPort: 6443 selector: app: prometheus-adapter type: ClusterIP --- apiVersion: apiregistration.k8s.io/v1beta1 kind: APIService metadata: name: v1beta1.custom.metrics.k8s.io spec: service: name: prometheus-adapter namespace: custom-prometheus group: custom.metrics.k8s.io version: v1beta1 insecureSkipTLSVerify: true groupPriorityMinimum: 100 versionPriority: 100 ---列出 Prometheus Adapter 镜像:
$ oc get -n openshift-monitoring deploy/prometheus-adapter -o jsonpath="{..image}"添加部署
prometheus-adapter的配置详情:apiVersion: apps/v1 kind: Deployment metadata: labels: app: prometheus-adapter name: prometheus-adapter namespace: custom-prometheus spec: replicas: 1 selector: matchLabels: app: prometheus-adapter template: metadata: labels: app: prometheus-adapter name: prometheus-adapter spec: serviceAccountName: custom-metrics-apiserver containers: - name: prometheus-adapter image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:a46915a206cd7d97f240687c618dd59e8848fcc3a0f51e281f3384153a12c3e0 1 args: - --secure-port=6443 - --tls-cert-file=/var/run/serving-cert/tls.crt - --tls-private-key-file=/var/run/serving-cert/tls.key - --logtostderr=true - --prometheus-url=http://prometheus-operated.default.svc:9090/ - --metrics-relist-interval=1m - --v=4 - --config=/etc/adapter/config.yaml ports: - containerPort: 6443 volumeMounts: - mountPath: /var/run/serving-cert name: volume-serving-cert readOnly: true - mountPath: /etc/adapter/ name: config readOnly: true - mountPath: /tmp name: tmp-vol volumes: - name: volume-serving-cert secret: secretName: prometheus-adapter-tls - name: config configMap: name: adapter-config - name: tmp-vol emptyDir: {}- 1
- 指定上一步中找到的 Prometheus Adapter 镜像。
将配置应用到集群:
$ oc apply -f deploy.yaml
输出示例
serviceaccount/custom-metrics-apiserver created clusterrole.rbac.authorization.k8s.io/custom-metrics-server-resources created clusterrole.rbac.authorization.k8s.io/custom-metrics-resource-reader created clusterrolebinding.rbac.authorization.k8s.io/custom-metrics:system:auth-delegator created rolebinding.rbac.authorization.k8s.io/custom-metrics-auth-reader created clusterrolebinding.rbac.authorization.k8s.io/custom-metrics-resource-reader created clusterrolebinding.rbac.authorization.k8s.io/hpa-controller-custom-metrics created configmap/adapter-config created service/prometheus-adapter created apiservice.apiregistration.k8s.io/v1.custom.metrics.k8s.io created deployment.apps/prometheus-adapter created
验证用户定义的项目中的
prometheus-adapterPod 是否处于Running状态。在本例中,项目为custom-prometheus:$ oc -n custom-prometheus get pods prometheus-adapter-<string>
- 现在,应用程序的指标已经公开,并可用于配置 Pod 横向自动扩展。
其他资源
