监控Service和Ingress可用性

在第4章中我们介绍了如何基于Blackbox Exporter进行黑盒监控,黑盒监控侧重于从用户角度来测试服务的可用性。当用户在Kubernetes中部署应用程序时,为了能让程序之间能够相互访问,需要使用到Service。而如果,需要让Kubernetes集群外的用户能够访问访问集群内的应用,则需要使用到Ingress。

Ingress和Service均扮演了负载均衡的角色,通过网络探针对Ingress和Service对应的服务进行监控,能够快速判断当前服务的可用性,并且在发生故障时能够即使的做出响应。

在Kubernetes下部署Blackbox Exporter

如下所示,通过Deployment定义了一个单实例的Blackbox-exporter实例,并且为其定义了相应的Service。通过Service暴露的DNS地址,集群内的Prometheus能够非常简单的通过域名:blackbox-exporter.default.svc.cluster.local访问到Blackbox的实例:

  1. apiVersion: v1
  2. kind: Service
  3. metadata:
  4. labels:
  5. app: blackbox-exporter
  6. name: blackbox-exporter
  7. spec:
  8. ports:
  9. - name: blackbox
  10. port: 9115
  11. protocol: TCP
  12. selector:
  13. app: blackbox-exporter
  14. type: ClusterIP
  15. ---
  16. apiVersion: extensions/v1beta1
  17. kind: Deployment
  18. metadata:
  19. labels:
  20. app: blackbox-exporter
  21. name: blackbox-exporter
  22. spec:
  23. replicas: 1
  24. selector:
  25. matchLabels:
  26. app: blackbox-exporter
  27. template:
  28. metadata:
  29. labels:
  30. app: blackbox-exporter
  31. spec:
  32. containers:
  33. - image: prom/blackbox-exporter
  34. name: blackbox-exporter

通过kubectl命令,可以在Kubernetes集群中部署Blackbox Exporter实例:

  1. kubectl create -f blackbox-exporter-deployment.yml

如下所示,在镜像prom/blackbox-exporter中包含了默认配置文件中定义了几个常用的探针配置:

  1. modules:
  2. http_2xx:
  3. prober: http
  4. http:
  5. http_post_2xx:
  6. prober: http
  7. http:
  8. method: POST
  9. tcp_connect:
  10. prober: tcp
  11. pop3s_banner:
  12. prober: tcp
  13. tcp:
  14. query_response:
  15. - expect: "^+OK"
  16. tls: true
  17. tls_config:
  18. insecure_skip_verify: false
  19. ssh_banner:
  20. prober: tcp
  21. tcp:
  22. query_response:
  23. - expect: "^SSH-2.0-"
  24. irc_banner:
  25. prober: tcp
  26. tcp:
  27. query_response:
  28. - send: "NICK prober"
  29. - send: "USER prober prober prober :prober"
  30. - expect: "PING :([^ ]+)"
  31. send: "PONG ${1}"
  32. - expect: "^:[^ ]+ 001"
  33. icmp:
  34. prober: icmp

探测Service可用性

  1. - job_name: 'kubernetes-services'
  2. metrics_path: /probe
  3. params:
  4. module: [http_2xx]
  5. kubernetes_sd_configs:
  6. - role: service
  7. relabel_configs:
  8. - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe]
  9. action: keep
  10. regex: true
  11. - source_labels: [__address__]
  12. target_label: __param_target
  13. - target_label: __address__
  14. replacement: blackbox-exporter.default.svc.cluster.local:9115
  15. - source_labels: [__param_target]
  16. target_label: instance
  17. - action: labelmap
  18. regex: __meta_kubernetes_service_label_(.+)
  19. - source_labels: [__meta_kubernetes_namespace]
  20. target_label: kubernetes_namespace
  21. - source_labels: [__meta_kubernetes_service_name]
  22. target_label: kubernetes_name

探测Ingress可用性

  1. - job_name: 'kubernetes-ingresses'
  2. metrics_path: /probe
  3. params:
  4. module: [http_2xx]
  5. kubernetes_sd_configs:
  6. - role: ingress
  7. relabel_configs:
  8. - source_labels: [__meta_kubernetes_ingress_annotation_prometheus_io_probe]
  9. action: keep
  10. regex: true
  11. - source_labels: [__meta_kubernetes_ingress_scheme,__address__,__meta_kubernetes_ingress_path]
  12. regex: (.+);(.+);(.+)
  13. replacement: ${1}://${2}${3}
  14. target_label: __param_target
  15. - target_label: __address__
  16. replacement: blackbox-exporter.default.svc.cluster.local:9115
  17. - source_labels: [__param_target]
  18. target_label: instance
  19. - action: labelmap
  20. regex: __meta_kubernetes_ingress_label_(.+)
  21. - source_labels: [__meta_kubernetes_namespace]
  22. target_label: kubernetes_namespace
  23. - source_labels: [__meta_kubernetes_ingress_name]
  24. target_label: kubernetes_name