Kubernetes中使用prometheus+alertmanager实现监控告警

监控告警原型图

原型图解释

prometheus与alertmanager作为container运行在同一个pods中并交由Deployment控制器管理，alertmanager默认开启9093端口，因为我们的prometheus与alertmanager是处于同一个pod中，所以prometheus直接使用localhost:9093就可以与alertmanager通信(用于发送告警通知)，告警规则配置rules.yml以Configmap的形式挂载到prometheus容器供prometheus使用，告警通知对象配置也通过Configmap挂载到alertmanager容器供alertmanager使用，这里我们使用邮件接收告警通知，具体配置在alertmanager.yml中

测试环境

环境：Linux 3.10.0-693.el7.x86_64 x86_64 GNU/Linux
平台：Kubernetes v1.10.5
Tips：prometheus与alertmanager完整的配置在文档末尾

创建告警规则

在prometheus中指定告警规则的路径， rules.yml就是用来指定报警规则，这里我们将rules.yml用ConfigMap的形式挂载到/etc/prometheus目录下面即可:

rule_files:
- /etc/prometheus/rules.yml

这里我们指定了一个InstanceDown告警，当主机挂掉1分钟则prometheus会发出告警

  rules.yml: |
    groups:
    - name: example
      rules:
      - alert: InstanceDown
        expr: up == 0
        for: 1m
        labels:
          severity: page
        annotations:
          summary: "Instance {{ $labels.instance }} down"
          description: "{{ $labels.instance }} of job {{ $labels.job }} has been down for more than 1 minutes."

配置prometheus与alertmanager通信(用于prometheus向alertmanager发送告警信息)

alertmanager默认开启9093端口，又因为我们的prometheus与alertmanager是处于同一个pod中，所以prometheus直接使用localhost:9093就可以与alertmanager通信

alerting:
  alertmanagers:
  - static_configs:
    - targets: ["localhost:9093"]

alertmanager配置告警通知对象

我们这里举了一个邮件告警的例子，alertmanager接收到prometheus发出的告警时，alertmanager会向指定的邮箱发送一封告警邮件，这个配置也是通过Configmap的形式挂载到alertmanager所在的容器中供alertmanager使用

alertmanager.yml: |-
    global:
      smtp_smarthost: 'smtp.exmail.qq.com:465'
      smtp_from: 'xin.liu@woqutech.com'
      smtp_auth_username: 'xin.liu@woqutech.com'
      smtp_auth_password: 'xxxxxxxxxxxx'
      smtp_require_tls: false
    route:
      group_by: [alertname]
      group_wait: 30s
      group_interval: 5m
      repeat_interval: 10m
      receiver: default-receiver
    receivers:
    - name: 'default-receiver'
      email_configs:
      - to: '1148576125@qq.com'

原型效果展示

在prometheus web ui中可以看到 配置的告警规则

为了看测试效果，关掉一个主机节点：
在prometheus web ui中可以看到一个InstanceDown告警被触发

在alertmanager web ui中可以看到alertmanager收到prometheus发出的告警

指定接收告警的邮箱收到alertmanager发出的告警邮件

全部配置

node_exporter_daemonset.yaml

apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: node-exporter
  namespace: kube-system
  labels:
    app: node_exporter
spec:
  selector:
    matchLabels:
      name: node_exporter
  template:
    metadata:
      labels:
        name: node_exporter
    spec:
      tolerations:
      - key: node-role.kubernetes.io/master
        effect: NoSchedule
      containers:
      - name: node-exporter
        image: alery/node-exporter:1.0
        ports:
        - name: node-exporter
          containerPort: 9100
          hostPort: 9100
        volumeMounts:
        - name: localtime
          mountPath: /etc/localtime
        - name: host
          mountPath: /host
          readOnly: true
      volumes:
      - name: localtime
        hostPath:
          path: /usr/share/zoneinfo/Asia/Shanghai
      - name: host
        hostPath:
          path: /

alertmanager-cm.yaml

kind: ConfigMap
apiVersion: v1
metadata:
  name: alertmanager
  namespace: kube-system
data:
  alertmanager.yml: |-
    global:
      smtp_smarthost: 'smtp.exmail.qq.com:465'
      smtp_from: 'xin.liu@woqutech.com'
      smtp_auth_username: 'xin.liu@woqutech.com'
      smtp_auth_password: 'xxxxxxxxxxxx'
      smtp_require_tls: false
    route:
      group_by: [alertname]
      group_wait: 30s
      group_interval: 5m
      repeat_interval: 10m
      receiver: default-receiver
    receivers:
    - name: 'default-receiver'
      email_configs:
      - to: '1148576125@qq.com'

prometheus-rbac.yaml

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: prometheus
  namespace: kube-system
rules:
- apiGroups: [""]
  resources:
  - nodes
  - nodes/proxy
  - services
  - endpoints
  - pods
  verbs: ["get", "list", "watch"]
- nonResourceURLs: ["/metrics"]
  verbs: ["get"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: prometheus
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: prometheus
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: prometheus
subjects:
- kind: ServiceAccount
  name: prometheus
  namespace: kube-system

prometheus-cm.yaml

kind: ConfigMap
apiVersion: v1
data:
  prometheus.yml: |
    rule_files:
    - /etc/prometheus/rules.yml
    alerting:
      alertmanagers:
      - static_configs:
        - targets: ["localhost:9093"]
    scrape_configs:
    - job_name: 'node'
      kubernetes_sd_configs:
      - role: pod
      relabel_configs:
      - source_labels: [__meta_kubernetes_pod_ip]
        action: replace
        target_label: __address__
        replacement: $1:9100
      - source_labels: [__meta_kubernetes_pod_host_ip]
        action: replace
        target_label: instance
      - source_labels: [__meta_kubernetes_pod_node_name]
        action: replace
        target_label: node_name
      - action: labelmap
        regex: __meta_kubernetes_pod_label_(name)
      - source_labels: [__meta_kubernetes_pod_label_name]
        regex: node_exporter
        action: keep

  rules.yml: |
    groups:
    - name: example
      rules:
      - alert: InstanceDown
        expr: up == 0
        for: 5m
        labels:
          severity: page
        annotations:
          summary: "Instance {{ $labels.instance }} down"
          description: "{{ $labels.instance }} of job {{ $labels.job }} has been down for more than 5 minutes."
      - alert: APIHighRequestLatency
        expr: api_http_request_latencies_second{quantile="0.5"} > 1
        for: 10m
        annotations:
          summary: "High request latency on {{ $labels.instance }}"
          description: "{{ $labels.instance }} has a median request latency above 1s (current value: {{ $value }}s)"

metadata:
  name: prometheus-config-v0.1.0
  namespace: kube-system

prometheus.yaml

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  namespace: kube-system
  name: prometheus
  labels:
    name: prometheus
spec:
  replicas: 1
  selector:
    matchLabels:
      app: prometheus
  template:
    metadata:
      name: prometheus
      labels:
        app: prometheus
    spec:
      serviceAccountName: prometheus
      nodeSelector:
        node-role.kubernetes.io/master: ""
      tolerations:
      - effect: NoSchedule
        key: node-role.kubernetes.io/master