添加ingress-nginx监控

创建ingress-nginx ServiceMonitor文件

vim prometheus-ingress-nginx.yaml
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  labels:
    k8s-app: ingress-nginx  # 注解1
  name: nginx-ingress-controller-metrics
  namespace: monitoring   # 最好与被监控对应放一起，也可在monitoring下
spec:
  endpoints:
  - interval: 15s
    port: metrics   # 与service 暴露监控的端口名称一致
  jobLabel: k8s-app
  namespaceSelector:
    matchNames:
    - ingress-nginx    # 监控对象所在namespace
  selector:
    matchLabels:
      app: ingress-nginx   # 与service的label一致，不是service的selector

创建ingress-nginx service文件

vim prometheus-ingress-nginx-svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx
  namespace: ingress-nginx   #与ingress所在namespace一致
  labels:                       
    app: ingress-nginx   #A 这个label记下，servicemonitor会用到
spec:
  type: ClusterIP
  ports:
    - name: http
      port: 80
      targetPort: 80
      protocol: TCP
    - name: https
      port: 443
      targetPort: 443
      protocol: TCP
    - name: metrics   # 三个端口名称与deployment中保持一致
      port: 10254
      targetPort: 10254
      protocol: TCP
  selector:
    app.kubernetes.io/name: ingress-nginx    #这个和deployment中pod的label一致

默认prometheus无访问 ingress-nginx名称空间service解决方法

• 修改 kube-prometheus-0.5.0/manifests/prometheus-clusterRole.yaml 文件修改为如下文件

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: prometheus-k8s
rules:
- apiGroups:
  - ""
  resources:
  - nodes/metrics
  - services
  - endpoints
  - pods
  verbs:
  - get
  - list
  - watch
- nonResourceURLs:
  - /metrics
  verbs:
  - get

grafana 添加针对 ingress-nginx 的监控模板

见附件