Clever Geek Handbook

Monitoring Kubernetes with Prometheus and Thanos

On the eve of the start of the professional course "Monitoring and Logging: Zabbix, Prometheus, ELK" , we have prepared an interesting translation for you, and we also offer you to watch a demo lesson on the topic : "Prometheus as a new round of monitoring systems . "

Introduction

Congratulations! You managed to convince your bosses to migrate applications to a microservice architecture using containers and Kubernetes .

You are very happy and everything is going according to plan. You create your first Kubernetes cluster (all major cloud providers - Azure, AWS, and GCP - have simple solutions for provisioning managed or unmanaged Kubernetes ), develop your first containerized application, and deploy it to the cluster. It was easy, wasn't it?

After a while, you realize that things get a little more complicated: you need to deploy multiple applications to the cluster, so you need an Ingress Controller . Next, you want to monitor the load, so you start looking for solutions for that and luckily you find Prometheus . Expand it, add Grafana and that's it!

: " Prometheus "? ? ? Prometheus ? ? HA DR? Prometheus

, , .

Kubernetes

Kubernetes.

Typical Kubernetes cluster
Kubernetes

:

  1. : master- worker-.

  2. Kubernetes.

  3. .

HTTP(s) (REST gRPC), API (Ingress). API :

  1. Kubernetes API Server.

  2. Ingress Controller.

, Azure SQL, Azure Blob .

?

Kubernetes , .

. , , :

  • .

  • (, , , ).

  • (, ..).

  • , .

Kubernetes. Kubernetes :

  • — ready ( ), status, restarts ( ), age ( ).

  • (Deployments) — desired ( ), current ( ), up-to-date ( ), available ( ), age ( ).

  • StatefulSets.

  • CronJobs.

  • ( ).

  • (Health checks).

  • Kubernetes.

  • API-.

  • Etcd.

  • .

.  , . , :

  • HTTP- ( , , . .).

  • (, ).

  • .

, , , . 

Thanos

Thanos — , , Prometheus.

Thanos Prometheus . , global view Prometheus.

Thanos:

  • Sidecar. Prometheus Query Gateway / .

  • Query Gateway. Prometheus API ( Sidecar Store Gateway).

  • Store Gateway. .

  • Compactor. (downsampling) .

  • Receiver. remote-write WAL Prometheus, / .

  • Ruler. recording rules alerting rules Thanos.

.

Thanos

Thanos Sidecar Kubernetes, , Prometheus Grafana.

Prometheus, Prometheus-Operator, Kubernetes, Prometheus.

Prometheus-Operator Helm , , Thanos Sidecar , Kubernetes .

Thanos Sidecar Kubernetes Secret , . 

Microsoft Azure.

account blob-:

az storage account create --name <storage_name> --resource-group <resource_group> --location <location> --sku Standard_LRS --encryption blob

( container) :

az storage container create --account-name <storage_name> --name thanos

:

az storage account keys list -g <resource_group> -n <storage_name>

(thanos-storage-config.yaml):

Kubernetes Secret:

kubectl -n monitoring create secret generic thanos-objstore-config --from-file=thanos.yaml=thanos-storage-config.yaml

prometheus-operator-values.yaml, Prometheus-Operator.

:

helm install --namespace monitoring --name prometheus-operator stable/prometheus-operator -f prometheus-operator-values.yaml

Prometheus Thanos Sidecar, Azure Blob Storage .

Thanos Store Gateway Thanos Sidecar, Ingress. Nginx Ingress Controller, Ingress Controller, gRPC (, Envoy ).

Thanos Store Gateway Thanos Sidecar mutual TLS. .

.pfx-, , openssl:

# public key
openssl pkcs12 -in cert.pfx -nocerts -nodes | sed -ne '/-BEGIN PRIVATE KEY-/,/-END PRIVATE KEY-/p' > cert.key
# private key
openssl pkcs12 -in cert.pfx -clcerts -nokeys | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > cert.cer
# certificate authority (CA)
openssl pkcs12 -in cert.pfx -cacerts -nokeys -chain | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > cacerts.cer

Kubernetes Secrets.

# a secret to be used for TLS termination
kubectl create secret tls -n monitoring thanos-ingress-secret --key ./cert.key --cert ./cert.cer
# a secret to be used for client authenticating using the same CA
kubectl create secret generic -n monitoring thanos-ca-secret --from-file=ca.crt=./cacerts.cer

, , Kubernetes, ,  Thaos SideCar: 

thanos-0.your.domain
thanos-1.your.domain

Ingress ( ):

Thanos Sidecars !

Thanos

Thanos, , , Thanos . , , .

Thanos Helm ( , , PR).

thanos-values.yaml, .

Thanos Store Gateway blob-, .

kubectl -n thanos create secret generic thanos-objstore-config --from-file=thanos.yaml=thanos-storage-config.yaml

, .

helm install --name thanos --namespace thanos ./thanos -f thanos-values.yaml --set-file query.tlsClient.cert=cert.cer --set-file query.tlsClient.key=cert.key --set-file query.tlsClient.ca=cacerts.cer --set-file store.tlsServer.cert=cert.cer --set-file store.tlsServer.key=cert.key --set-file store.tlsServer.ca=cacerts.cer

Thanos Query Gateway Thanos Storage Gateway, .

, , HTTP- Thanos Query Gateway :

kubectl -n thanos port-forward svc/thanos-query-http 8080:10902

http://localhost:8080, Thanos UI!

Grafana

Grafana, Helm .

grafana-values.yaml :

, . ( — ConfigMap).

:

helm install --name grafana --namespace thanos stable/grafana -f grafana-values.yaml

port-forward:

kubectl -n thanos port-forward svc/grafana 8080:80

… ! Prometheus !

Prometheus Thanos, global view , Prometheus .

Cortex — , , Thanos, .

-, - OTUS .



More articles:


All Articles