mirror of https://github.com/easzlab/kubeasz.git
docs update
parent
64aa01374a
commit
3f12d016c7
|
@ -4,97 +4,52 @@
|
|||
|
||||
## 前提
|
||||
|
||||
- 安装 helm:以本项目[安全安装helm](helm.md)为例
|
||||
- 安装 helm
|
||||
- 安装 [kube-dns](kubedns.md)
|
||||
|
||||
## 准备
|
||||
|
||||
安装目录概览 `ll /etc/ansible/manifests/prometheus`
|
||||
|
||||
``` bash
|
||||
drwx------ 3 root root 4096 Jun 3 22:42 grafana/
|
||||
-rw-r----- 1 root root 67875 Jun 4 22:47 grafana-dashboards.yaml
|
||||
-rw-r----- 1 root root 690 Jun 4 09:34 grafana-settings.yaml
|
||||
-rw-r----- 1 root root 1105 May 30 16:54 prom-alertrules.yaml
|
||||
-rw-r----- 1 root root 474 Jun 5 10:04 prom-alertsmanager.yaml
|
||||
drwx------ 3 root root 4096 Jun 2 21:39 prometheus/
|
||||
-rw-r----- 1 root root 294 May 30 18:09 prom-settings.yaml
|
||||
```
|
||||
- 目录`prometheus/`和`grafana/`即官方的helm charts,可以使用`helm fetch --untar stable/prometheus` 和 `helm fetch --untar stable/grafana`下载,本安装不会修改任何官方charts里面的内容,这样方便以后跟踪charts版本的更新
|
||||
- `prom-settings.yaml`:个性化prometheus安装参数,比如禁用PV,禁用pushgateway,设置nodePort等
|
||||
- `prom-alertrules.yaml`:配置告警规则
|
||||
- `prom-alertsmanager.yaml`:配置告警邮箱设置等
|
||||
- `grafana-settings.yaml`:个性化grafana安装参数,比如用户名密码,datasources,dashboardProviders等
|
||||
- `grafana-dashboards.yaml`:预设置dashboard
|
||||
|
||||
## 安装
|
||||
|
||||
``` bash
|
||||
$ source ~/.bashrc
|
||||
$ cd /etc/ansible/manifests/prometheus
|
||||
# 安装 prometheus chart,如果你的helm安装没有启用tls证书,请忽略--tls参数
|
||||
$ helm install --tls \
|
||||
--name monitor \
|
||||
--namespace monitoring \
|
||||
-f prom-settings.yaml \
|
||||
-f prom-alertsmanager.yaml \
|
||||
-f prom-alertrules.yaml \
|
||||
prometheus
|
||||
# 安装 grafana chart
|
||||
$ helm install --tls \
|
||||
--name grafana \
|
||||
--namespace monitoring \
|
||||
-f grafana-settings.yaml \
|
||||
-f grafana-dashboards.yaml \
|
||||
grafana
|
||||
```
|
||||
项目3.x采用的部署charts: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack
|
||||
|
||||
kubeasz 集成安装
|
||||
|
||||
- 1.修改 clusters/xxxx/config.yml 中配置项 prom_install: "yes"
|
||||
- 2.安装 ezctl setup xxxx 07
|
||||
|
||||
注:涉及到镜像需从 quay.io 下载,国内比较慢,可以使用项目中的工具脚本 tools/imgutils
|
||||
|
||||
--- 以下内容暂未更新
|
||||
|
||||
## 验证安装
|
||||
|
||||
``` bash
|
||||
# 查看相关pod和svc
|
||||
$ kubectl get pod,svc -n monitoring
|
||||
$ kubectl get pod,svc -n monitor
|
||||
NAME READY STATUS RESTARTS AGE
|
||||
grafana-54dc76d47d-2mk55 1/1 Running 0 1m
|
||||
monitor-prometheus-alertmanager-6d9d9b5b96-w57bk 2/2 Running 0 2m
|
||||
monitor-prometheus-kube-state-metrics-69f5d56f49-fh9z7 1/1 Running 0 2m
|
||||
monitor-prometheus-node-exporter-55bwx 1/1 Running 0 2m
|
||||
monitor-prometheus-node-exporter-k8sb2 1/1 Running 0 2m
|
||||
monitor-prometheus-node-exporter-kxlr9 1/1 Running 0 2m
|
||||
monitor-prometheus-node-exporter-r5dx8 1/1 Running 0 2m
|
||||
monitor-prometheus-server-5ccfc77dff-8h9k6 2/2 Running 0 2m
|
||||
pod/alertmanager-prometheus-kube-prometheus-alertmanager-0 2/2 Running 0 3m11s
|
||||
pod/prometheus-grafana-6d6d47996f-7xlpt 2/2 Running 0 3m14s
|
||||
pod/prometheus-kube-prometheus-operator-5f6774b747-bpktd 1/1 Running 0 3m14s
|
||||
pod/prometheus-kube-state-metrics-95d956569-dhlkx 1/1 Running 0 3m14s
|
||||
pod/prometheus-prometheus-kube-prometheus-prometheus-0 2/2 Running 1 3m11s
|
||||
pod/prometheus-prometheus-node-exporter-d9m7j 1/1 Running 0 3m14s
|
||||
|
||||
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
|
||||
grafana NodePort 10.68.74.242 <none> 80:39002/TCP 1m
|
||||
monitor-prometheus-alertmanager NodePort 10.68.69.105 <none> 80:39001/TCP 2m
|
||||
monitor-prometheus-kube-state-metrics ClusterIP None <none> 80/TCP 2m
|
||||
monitor-prometheus-node-exporter ClusterIP None <none> 9100/TCP 2m
|
||||
monitor-prometheus-server NodePort 10.68.248.94 <none> 80:39000/TCP 2m
|
||||
service/alertmanager-operated ClusterIP None <none> 9093/TCP,9094/TCP,9094/UDP 3m12s
|
||||
service/prometheus-grafana NodePort 10.68.31.225 <none> 80:30903/TCP 3m14s
|
||||
service/prometheus-kube-prometheus-alertmanager NodePort 10.68.212.136 <none> 9093:30902/TCP 3m14s
|
||||
service/prometheus-kube-prometheus-operator NodePort 10.68.226.171 <none> 443:30900/TCP 3m14s
|
||||
service/prometheus-kube-prometheus-prometheus NodePort 10.68.100.42 <none> 9090:30901/TCP 3m14s
|
||||
service/prometheus-kube-state-metrics ClusterIP 10.68.80.70 <none> 8080/TCP 3m14s
|
||||
service/prometheus-operated ClusterIP None <none> 9090/TCP 3m12s
|
||||
service/prometheus-prometheus-node-exporter ClusterIP 10.68.64.56 <none> 9100/TCP 3m14s
|
||||
```
|
||||
|
||||
- 访问prometheus的web界面:`http://$NodeIP:39000`
|
||||
- 访问alertmanager的web界面:`http://$NodeIP:39001`
|
||||
- 访问grafana的web界面:`http://$NodeIP:39002` (默认用户密码 admin:admin,可在web界面修改)
|
||||
- 访问prometheus的web界面:`http://$NodeIP:30901`
|
||||
- 访问alertmanager的web界面:`http://$NodeIP:30902`
|
||||
- 访问grafana的web界面:`http://$NodeIP:30903` (默认用户密码 admin:admin)
|
||||
|
||||
## 管理操作
|
||||
|
||||
- 升级(修改配置):修改配置请在`prom-settings.yaml` `prom-alertsmanager.yaml` 等文件中进行,保存后执行:
|
||||
``` bash
|
||||
# 修改prometheus
|
||||
$ helm upgrade --tls monitor -f prom-settings.yaml -f prom-alertsmanager.yaml -f prom-alertrules.yaml prometheus
|
||||
# 修改grafana
|
||||
$ helm upgrade --tls grafana -f grafana-settings.yaml -f grafana-dashboards.yaml grafana
|
||||
```
|
||||
- 回退:具体可以参考`helm help rollback`文档
|
||||
``` bash
|
||||
$ helm rollback --tls monitor [REVISION]
|
||||
```
|
||||
- 删除
|
||||
``` bash
|
||||
$ helm del --tls monitor --purge
|
||||
$ helm del --tls grafana --purge
|
||||
```
|
||||
|
||||
## 验证告警
|
||||
|
||||
- 修改`prom-alertsmanager.yaml`文件中邮件告警为有效的配置内容,并使用 helm upgrade更新安装
|
||||
|
|
|
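Review bot: the Grafana access line for `http://$NodeIP:30903` documents the default login admin:admin on a NodePort served over plain HTTP, and unlike the line for port 39002 it carries no note that the password can be changed. Suggest saying where to set a non-default admin password before running `ezctl setup xxxx 07`, and adding that the Prometheus (30901) and Alertmanager (30902) NodePorts are listed with no authentication, so they should be reachable only from trusted networks. If the 管理操作 section below "--- 以下内容暂未更新" is kept, its `helm upgrade --tls monitor -f prom-settings.yaml ...` commands should be marked as not matching the kubeasz integrated install described above.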
@ -0,0 +1,57 @@
|
|||
## kubeasz-3.0.0 (the Beginning of Spring)
|
||||
|
||||
2021春快到了,kubeasz带来全新3.x版本,是继2.x基础上做了一些小优化和创新,力求更加整洁和实用。主要更新点:
|
||||
|
||||
### 优化多集群创建、管理逻辑
|
||||
|
||||
根目录新增 clusters 子目录,用于存放不同集群的配置;现在 ezctl 命令行天然支持多集群管理操作,统一创建、管理,互不影响;建议deploy节点独立出来,具体集群创建、管理操作可以参考 docs/setup/ezctl.md
|
||||
|
||||
### 配置集中,组件版本统一设置
|
||||
|
||||
模版配置文件 example/config.yml 是把原先 roles/xxxx/defaults/main.yml 配置合并后的全局配置文件;每创建一个集群会从这个模版派生一个实例集群的配置文件到 clusters/xxxx/config.yml;
|
||||
|
||||
ezdown 脚本统一设置组件、镜像版本;自动替换clusters/xxxx/config.yml 全局配置中相关版本
|
||||
|
||||
### 增加默认部署 node local dns
|
||||
NodeLocal DNSCache在集群的上运行一个dnsCache daemonset来提高clusterDNS性能和可靠性。在K8S集群上的一些测试表明:相比于纯coredns方案,nodelocaldns + coredns方案能够大幅降低DNS查询timeout的频次,提升服务稳定性
|
||||
|
||||
参考官方文档:https://kubernetes.io/docs/tasks/administer-cluster/nodelocaldns/
|
||||
|
||||
### 客户端 kubeconfig 管理【强烈推荐】
|
||||
|
||||
经常遇到有人问某个kubeconfig(kubectl)泄露了怎么办?不同权限的kubeconfig怎么生成?这里利用cfssl签发自定义用户证书和k8s灵活的rbac权限绑定机制,ezctl 命令行封装了这个功能,非常方便、实用。
|
||||
|
||||
详细使用参考 docs/op/kcfg-adm.md
|
||||
|
||||
### 更新 prometheus安装部署,自动集成安装
|
||||
|
||||
参考 example/config.yml 配置和 roles/cluster-addon/templates/prometheus/values.yaml.j2 模版配置文件,详细使用文档待更新
|
||||
|
||||
### 其他主要更新
|
||||
|
||||
- 更新支持 ansible 2.10.4
|
||||
- 更新系统加固 os-harden 7.0.0
|
||||
- 更新traefik 安装部署(helm charts)
|
||||
|
||||
### 组件更新
|
||||
|
||||
- k8s: v1.20.2, v.1.19.7, v1.18.15, v1.17.17
|
||||
|
||||
### 集群安装
|
||||
|
||||
- ca 安全管理,所有证书都在deploy节点创建后推送到需要的节点
|
||||
- 移除 netaddr (pip安装) 依赖
|
||||
- 修复ansible group命名不规范问题(group 'kube-node' --> group 'kube_node')
|
||||
- 更新 kube-ovn to 1.5.3 #958
|
||||
- 调整cluster-addon安装方式
|
||||
- 修复 calico 网络 backend 设置为 vxlan none 时,calico 部署失败 #959
|
||||
- 调整默认nodePort范围为30000-32767
|
||||
|
||||
### 工具脚本
|
||||
|
||||
- ezdown 替换原 tools/easzup
|
||||
- ezctl 替换原 tools/easzctl
|
||||
|
||||
### 文档
|
||||
|
||||
- 大量文档更新(部分未完成)
|
|
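Review bot: under 集群安装, "调整默认nodePort范围为30000-32767" is listed as a routine item, but it changes which ports NodePort services may use, so it deserves a note that it affects upgrades and a pointer to the setting that controls it. In 组件更新, `v.1.19.7` has a stray dot and should read `v1.19.7`. The "ca 安全管理" item says all certificates are created on the deploy node and then pushed out; it would help to state explicitly what happens to the CA private key, since that is the property readers need in order to judge the change.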
@ -74,6 +74,8 @@
|
|||
|
||||
- name: flush-iptables
|
||||
shell: "iptables -P INPUT ACCEPT \
|
||||
&& iptables -P FORWARD ACCEPT \
|
||||
&& iptables -P OUTPUT ACCEPT \
|
||||
&& iptables -F && iptables -X \
|
||||
&& iptables -F -t nat && iptables -X -t nat \
|
||||
&& iptables -F -t raw && iptables -X -t raw \
|
||||
|
|
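Review bot: the `flush-iptables` shell string sets the INPUT, FORWARD and OUTPUT policies to ACCEPT and flushes the filter, nat and raw tables with no comment or condition visible in this hunk, so on a host that already had firewall rules it leaves the node unfiltered without saying so. Suggest a comment stating that the task is meant for cleanup only, and a variable or `when:` guard so it is opt-in. The hunk ends on a line continuation, so the rest of the command cannot be reviewed from the lines shown.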