prometheus-operator

官方安装说明

https://prometheus-operator.dev/docs/prologue/quick-start/

安装服本

git clone https://github.com/prometheus-operator/kube-prometheus.git
# 或者直接下载代码包
# github.com/prometheus-operator/kube-prometheus/archive/main.zip

cd kube-prometheus

#创建命信空间，CRDs
kubectl create -f manifests/setup

# 等待 servicemonitors CRD创建完成，输出 “No resources found” 表示成功
until kubectl get servicemonitors --all-namespaces ; do date; sleep 1; echo ""; done

kubectl create -f manifests/

rm -rf kube-prometheus

创建 ingress

ingress.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: prometheus
  namespace: monitoring
spec:
  rules:
  - host: monitoring-prometheus.internal.liu12.com
    http:
      paths:
      - backend:
          service:
            name: prometheus-k8s
            port:
              number: 9090
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - monitoring-prometheus.internal.liu12.com
    secretName: internal.liu12.com

---

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: grafana
  namespace: monitoring
spec:
  rules:
  - host: monitoring-grafana.internal.liu12.com
    http:
      paths:
      - backend:
          service:
            name: grafana
            port:
              number: 3000
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - monitoring-grafana.internal.liu12.com
    secretName: internal.liu12.com

kubectl apply -f ingress.yaml

使用 nginx 给 prometheus 配置访问密码

htpasswd -c ./monitoring-prometheus.internal.liu12.com.htpasswd admin

server {
    listen       443 ssl;
    server_name monitoring-prometheus.internal.liu12.com;

    ssl_certificate /etc/nginx/certs/internal.liu12.com/internal.liu12.com.pem;
    ssl_certificate_key /etc/nginx/certs/internal.liu12.com/internal.liu12.com.key;

    location / {
       auth_basic "Prometheus";
       auth_basic_user_file /etc/nginx/conf.d/x.internal.liu12.com/monitoring-prometheus.internal.liu12.com.htpasswd;

       proxy_set_header scheme https;
       proxy_set_header Host $host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection $connection_upgrade;

       proxy_redirect off;
       proxy_http_version 1.1;
       proxy_buffering off;
       proxy_read_timeout 3600s;
       proxy_send_timeout 3600s;
       proxy_pass https://k8s-443;
    }

}