From 54feb6dc212fd5f9a8a72b501ec0b1920d44587d Mon Sep 17 00:00:00 2001 From: vallard Date: Wed, 7 Oct 2020 16:29:00 -0700 Subject: [PATCH] some updates with starting monitoring section. --- segment03-install/createEKSctlCluster.sh | 2 +- segment07-integrations/serverless.yml | 2 +- segment08-monitoring/README.md | 107 ++++++++++++++++++ .../monitoring-ingress-rules.yaml | 62 ++++++++++ 4 files changed, 171 insertions(+), 2 deletions(-) create mode 100644 segment08-monitoring/README.md create mode 100644 segment08-monitoring/monitoring-ingress-rules.yaml diff --git a/segment03-install/createEKSctlCluster.sh b/segment03-install/createEKSctlCluster.sh index e515f94..fb20299 100755 --- a/segment03-install/createEKSctlCluster.sh +++ b/segment03-install/createEKSctlCluster.sh @@ -1,7 +1,7 @@ #!/bin/bash set -x time eksctl create cluster \ ---name aug05 \ +--name oct07 \ --version 1.17 \ --region us-west-2 \ --nodegroup-name standard-workers \ diff --git a/segment07-integrations/serverless.yml b/segment07-integrations/serverless.yml index cb1b699..91913a0 100644 --- a/segment07-integrations/serverless.yml +++ b/segment07-integrations/serverless.yml @@ -5,7 +5,7 @@ provider: region: us-west-2 environment: ## Define the name of your EKS cluster you want the lambda function to be able to access - CLUSTER: "aug05" + CLUSTER: "oct07" ## define the role that this lambda function will run under. This role should have access to ## be able to run kubectl commands. role: arn:aws:iam::188966951897:role/kubeLambda diff --git a/segment08-monitoring/README.md b/segment08-monitoring/README.md new file mode 100644 index 0000000..0b4fb0f --- /dev/null +++ b/segment08-monitoring/README.md 
@@ -0,0 +1,107 @@
+# Cluster Monitoring
+
+We can use [Prometheus](https://prometheus.io) and [Grafana](https://grafana.com/) for monitoring our cluster.
+
+## Metrics Server
+
+In [Segement 06](../segment06-admin/README.md) we installed the metrics server. Be sure this is done.
+
+Check it is with:
+
+```
+kubectl get --raw /metrics
+```
+
+
+## Prometheus Operator
+
+You can install the operator by cloning the [Prometheus Operator](https://github.com/prometheus-operator/kube-prometheus) repository with:
+
+```
+git clone https://github.com/prometheus-operator/kube-prometheus
+```
+
+Find the appropriate release for your version of Kubernetes in the table. For example, if you were using Kubernetes 1.17 (run `kubectl version` to see what you are running) you would see the [README](https://github.com/prometheus-operator/kube-prometheus/blob/master/README.md) shows I should be running `release-0.4`. So to install we run:
+
+```
+cd kube-prometheus
+git branch -a
+```
+Here we see all the branch names. To switch to the release branch run:
+
+```
+git checkout remotes/origin/release-0.4
+```
+
+Now we can install the operator with:
+
+```
+kubectl create -f manifests/setup
+```
+
+You should then be able to see custom resources, `servicemonitors` by running:
+
+```
+kubectl get crd
+```
+And see there is a `servicemonitors.monitoring.coreos.com` custom resource definition.
+
+Once that is defined you can install the rest of the monitoring components:
+
+```
+kubectl create -f manifiests/
+```
+
+You'll be able to see all the resources defined in the `monitoring` namespace with:
+
+```
+kubectl get pods -n monitoring
+```
+
+Output looks as follows:
+
+```
+NAME READY STATUS RESTARTS AGE
+alertmanager-main-0 2/2 Running 0 3m15s
+alertmanager-main-1 2/2 Running 0 3m15s
+alertmanager-main-2 2/2 Running 0 3m15s
+grafana-58dc7468d7-vvcnc 1/1 Running 0 3m12s
+kube-state-metrics-765c7c7f95-kxddc 3/3 Running 0 3m12s
+node-exporter-cnhm6 2/2 Running 0 2m15s
+node-exporter-vnh9r 2/2 Running 0 3m13s
+prometheus-adapter-5cd5798d96-j8xnn 1/1 Running 0 3m13s
+prometheus-k8s-0 3/3 Running 1 3m13s
+prometheus-k8s-1 3/3 Running 1 3m13s
+prometheus-operator-5f75d76f9f-n9krn 1/1 Running 0 7m2s
+```
+
+### Ingress Rules
+
+We now have three dashboards exposed to us, but they are, of course secured behind our firewall. We can access them with:
+
+```
+kubectl --namespace monitoring port-forward svc/prometheus-k8s 9090
+kubectl --namespace monitoring port-forward svc/grafana 3000
+kubectl --namespace monitoring port-forward svc/alertmanager-main 9093
+```
+
+Connecting then to `localhost:9090` would allow us to connect to Prometheus:
+
+![prometheus](../images/mon01.png)
+
+We can expose these with an ingress rule as well. You probably wouldn't want to expose your cluster like this to the outside world, but we will do this to show how to access them with our ingress controller that we created. You should edit the `monitoring-ingress-rules.yaml` file and use your own domain name. Once done you can run:
+
+```
+kubectl apply -f monitoring-ingress-rules.yaml
+```
+
+Now we can access all of these at the folowing domains:
+
+* [grafana.k8s.castlerock.ai](https://grafana.k8s.castlerock.ai)
+* [alertmanager.k8s.castlerock.ai](https://alertmanager.k8s.castlerock.ai)
+* [prometheus.k8s.castlerock.ai](https://prometheus.k8s.castlerock.ai)
+
+
+
+
+
\ No newline at end of file
diff --git a/segment08-monitoring/monitoring-ingress-rules.yaml b/segment08-monitoring/monitoring-ingress-rules.yaml
new file mode 100644
index 0000000..3588a5a
--- /dev/null
+++ b/segment08-monitoring/monitoring-ingress-rules.yaml
@@ -0,0 +1,62 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ kubernetes.io/ingress.class: nginx
+ name: prometheus-k8s
+ namespace: monitoring
+spec:
+ tls:
+ - hosts:
+ - prometheus.k8s.castlerock.ai
+ secretName: prometheus-tls-cert
+ rules:
+ - host: prometheus.k8s.castlerock.ai
+ http:
+ paths:
+ - backend:
+ serviceName: prometheus-k8s
+ servicePort: 9090
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ kubernetes.io/ingress.class: nginx
+ name: grafana
+ namespace: monitoring
+spec:
+ tls:
+ - hosts:
+ - grafana.k8s.castlerock.ai
+ secretName: grafana-tls-cert
+ rules:
+ - host: grafana.k8s.castlerock.ai
+ http:
+ paths:
+ - backend:
+ serviceName: grafana
+ servicePort: 3000
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ kubernetes.io/ingress.class: nginx
+ name: alertmanager
+ namespace: monitoring
+spec:
+ tls:
+ - hosts:
+ - alertmanager.k8s.castlerock.ai
+ secretName: alertmanager-tls-cert
+ rules:
+ - host: alertmanager.k8s.castlerock.ai
+ http:
+ paths:
+ - backend:
+ serviceName: alertmanager-main
+ servicePort: 9093
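Review bot: The three Ingress objects in monitoring-ingress-rules.yaml publish Prometheus, Grafana and Alertmanager on public hostnames with TLS but with no access control. None of the `metadata.annotations` blocks carries an authentication or source-restriction annotation, and Prometheus and Alertmanager are not known to authenticate requests on their own, so anyone who can reach the hosts could read cluster metrics and change alert silences. I would add to each block either `nginx.ingress.kubernetes.io/whitelist-source-range: "<ALLOWED_CIDR>"` or the pair `nginx.ingress.kubernetes.io/auth-type: basic` and `nginx.ingress.kubernetes.io/auth-secret: <BASIC_AUTH_SECRET>`. Grafana as installed here presumably still has its default admin login, so it should be changed before the rules are applied. Separately, `extensions/v1beta1` is deprecated for Ingress, and `networking.k8s.io/v1beta1` accepts the same spec on Kubernetes 1.17.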