1. 모니터링 네임스페이스 생성
Prometheus와 관련 컴포넌트를 위한 전용 네임스페이스를 생성합니다.
kubectl create namespace monitoring2. Docker 미러 구성 (이미지 다운로드 최적화)
이미지 다운로드 속도 향상을 위해 Docker 데몬에 미러 서버를 등록합니다.
{
"registry-mirrors": [
"https://docker.m.daocloud.io",
"https://huecker.io",
"https://dockerhub.timeweb.cloud"
],
"exec-opts": ["native.cgroupdriver=systemd"]
}설정 후 Docker를 재시작하여 반영합니다.
3. Node Exporter 배포 (데몬셋 활용)
모든 노드의 하드웨어 및 OS 메트릭 수집을 위해 DaemonSet으로 Node Exporter를 배포합니다.
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: node-exporter
namespace: monitoring
labels:
app.kubernetes.io/name: node-exporter
spec:
selector:
matchLabels:
app.kubernetes.io/name: node-exporter
template:
metadata:
labels:
app.kubernetes.io/name: node-exporter
spec:
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
hostNetwork: true
hostPID: true
containers:
- name: exporter
image: prom/node-exporter:v1.6.1
ports:
- containerPort: 9100
hostPort: 9100
protocol: TCP
name: http
args:
- --path.procfs=/host/proc
- --path.sysfs=/host/sys
- --path.rootfs=/host
volumeMounts:
- name: procfs
mountPath: /host/proc
readOnly: true
- name: sysfs
mountPath: /host/sys
readOnly: true
- name: root
mountPath: /host
readOnly: true
volumes:
- name: procfs
hostPath:
path: /proc
- name: sysfs
hostPath:
path: /sys
- name: root
hostPath:
path: /
배포 후 각 워커 노드에서 http://<node-ip>:9100/metrics 접근 가능 여부를 확인합니다.
4. NFS 기반 스토리지 클래스 설정
Prometheus 데이터 영속성을 위해 외부 프로비저너를 사용한 NFS 스토리지 클래스를 구성합니다.
helm repo add nfs-subdir-external-provisioner https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/
helm install nfs-provisioner nfs-subdir-external-provisioner/nfs-subdir-external-provisioner \
--set nfs.server=your-nas-endpoint.cn-shanghai.nas.aliyuncs.com \
--set nfs.path=/k8s-shared \
--set storageClass.name=nfs-client \
--namespace nfs-provisioner --create-namespace설정 후 기본 스토리지 클래스로 지정:
kubectl patch storageclass nfs-client -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'5. Prometheus 코어 구성
ConfigMap: 동적 타겟 수집 규칙 정의
Kubernetes 내 다양한 리소스를 자동 감지하는 설정을 포함합니다.
apiVersion: v1
kind: ConfigMap
metadata:
name: prometheus-config
namespace: monitoring
data:
prometheus.yml: |
global:
scrape_interval: 15s
evaluation_interval: 30s
scrape_configs:
# 노드 메트릭 수집 (Node Exporter)
- job_name: 'nodes'
kubernetes_sd_configs:
- role: node
relabel_configs:
- source_labels: [__address__]
regex: '([^:]+):10250'
replacement: '${1}:9100'
target_label: __address__
# API 서버 상태 수집
- job_name: 'apiserver'
kubernetes_sd_configs:
- role: endpoints
scheme: https
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
relabel_configs:
- source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
action: keep
regex: default;kubernetes;https
# 애노테이션 기반 서비스 수집
- job_name: 'service-endpoints'
kubernetes_sd_configs:
- role: endpoints
relabel_configs:
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape]
action: keep
regex: true
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path]
action: replace
target_label: __metrics_path__
regex: (.+)
- source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port]
action: replace
regex: ([^:]+)(?::\d+)?;(\d+)
replacement: $1:$2
target_label: __address__Deployment: Prometheus 서버 실행
영속 볼륨과 RBAC를 함께 구성합니다.
apiVersion: apps/v1
kind: Deployment
metadata:
name: prometheus
namespace: monitoring
spec:
replicas: 1
selector:
matchLabels:
app: prometheus
template:
metadata:
labels:
app: prometheus
spec:
serviceAccountName: prometheus-sa
containers:
- name: prometheus
image: prom/prometheus:v2.50.1
args:
- --config.file=/etc/config/prometheus.yml
- --storage.tsdb.path=/prometheus
- --web.enable-lifecycle
ports:
- containerPort: 9090
volumeMounts:
- name: config-volume
mountPath: /etc/config
- name: storage-volume
mountPath: /prometheus
volumes:
- name: config-volume
configMap:
name: prometheus-config
- name: storage-volume
persistentVolumeClaim:
claimName: prometheus-pvcPersistentVolumeClaim
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: prometheus-pvc
namespace: monitoring
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 20GiRBAC 권한 부여
apiVersion: v1
kind: ServiceAccount
metadata:
name: prometheus-sa
namespace: monitoring
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: prometheus-cr
rules:
- apiGroups: [""]
resources: ["nodes", "services", "endpoints", "pods"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["nodes/proxy"]
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: prometheus-crb
subjects:
- kind: ServiceAccount
name: prometheus-sa
namespace: monitoring
roleRef:
kind: ClusterRole
name: prometheus-cr
apiGroup: rbac.authorization.k8s.io외부 접근을 위한 서비스 노출
apiVersion: v1
kind: Service
metadata:
name: prometheus-service
namespace: monitoring
spec:
type: NodePort
selector:
app: prometheus
ports:
- protocol: TCP
port: 9090
targetPort: 9090
nodePort: 300906. 배포 및 검증
kubectl apply -f ./
kubectl get pods -n monitoring -l app=prometheus
# 포드 상태 확인 후 로그 출력
kubectl logs -n monitoring deployment/prometheus브라우저에서 http://<any-node-ip>:30090 접속하여 UI 확인