23 Mar 2020 使用grafana访问ocp4.3的prometheus

2023-10-17 10:41:10 浏览数 (1)

ocp4.3自带了prometheus和grafana,默认在openshift-monitoring namespace下面,但是用户不能修改openshift-monitoring namespace下的资源,比如你无法修改系统自带的grafana的dashboard。如果你修改了相应的资源,会被集群重置成默认状态。本文介绍如何通过安装自己的grafana访问ocp4.3自带的prometheus数据。

安装grafana

先创建相应的project:

代码语言:javascript复制
# oc new-project ssli-monitoring
# oc project ssli-monitoring

进入ocp的dashboard,在project ssli-monitoring下安装grafana operator,然后创建grafana实例,在创建grafana实例的yaml中,记住相应的用户名和密码,后面登录grafana使用,创建grafana的yaml如下:

代码语言:javascript复制
apiVersion: integreatly.org/v1alpha1
kind: Grafana
metadata:
  name: ssli-grafana
  namespace: ssli-monitoring
spec:
  ingress:
    enabled: true
  config:
    auth:
      disable_signout_menu: true
    auth.anonymous:
      enabled: true
    log:
      level: warn
      mode: console
    security:
      admin_password: secret
      admin_user: root
  dashboardLabelSelector:
    - matchExpressions:
        - key: app
          operator: In
          values:
            - grafana

安装完毕后,查看相关资源正常输出如下:

代码语言:javascript复制
# oc get pod
NAME                                  READY   STATUS    RESTARTS   AGE
grafana-deployment-64f8b9cdd9-6g88f   1/1     Running   0          72s
grafana-operator-66d7f554d5-xgrjp     1/1     Running   0          2m44s
# oc get grafana
NAME           AGE
ssli-grafana   82s
# oc get route
NAME            HOST/PORT                                                      PATH   SERVICES          PORT      TERMINATION   WILDCARD
grafana-route   grafana-route-ssli-monitoring.apps.ssli-ocp1.os.fyre.ibm.com          grafana-service   grafana   edge          None
#

创建rbac

要访问ocp自带的prometheus数据,我们需要配置相应的认证信息,首先创建serviceaccount:

代码语言:javascript复制
# oc create serviceaccount grafana -n ssli-monitoring
serviceaccount/grafana created

为serviceaccount创建相应的clusterrolebinding:

代码语言:javascript复制
# oc create clusterrolebinding grafana-cluster-monitoring-view 
  --clusterrole=cluster-monitoring-view 
  --serviceaccount=ssli-monitoring:grafana

获取serviceaccount的token:

代码语言:javascript复制
# oc sa get-token grafana -n ssli-monitoring
eyJh...S9WeA

创建datasources访问ocp的prometheus

以secret的方式创建datasources,yaml如下:

代码语言:javascript复制
apiVersion: v1
kind: Secret
metadata:
  name: openshift-monitoring-grafana-datasource
  namespace: ssli-monitoring
stringData:
  ssli-datasources.yaml: |
    apiVersion: 1
    datasources:
    - name: "openshift-monitoring-datasource"
      type: prometheus
      access: proxy
      url: "https://prometheus-k8s-openshift-monitoring.apps.ssli-ocp1.os.fyre.ibm.com"
      basicAuth: false
      withCredentials: false
      isDefault: false
      jsonData:
        tlsSkipVerify: true
        httpHeaderName1: "Authorization"
      secureJsonData:
        httpHeaderValue1: "Bearer eyJh...S9WeA"
      editable: true

这里需要注意3个配置项:

  • namespace:安装的grafana所在的namespace
  • url:ocp的prometheus的访问route,通过执行oc get route prometheus-k8s -n openshift-monitoring获取
  • httpHeaderValue1:使用serviceaccount的token

创建secret,并将secret挂载到grafana的pod中,如下:

代码语言:javascript复制
root@ssli-ocp1-inf:grafana$ oc apply -f secret.yaml
secret/openshift-monitoring-grafana-datasource created

然后更新grafana的deployment,添加以下内容挂载secret:

代码语言:javascript复制
            - name: ssli-grafana-datasources
              mountPath: /etc/grafana/provisioning/datasources

...

        - name: ssli-grafana-datasources
          secret:
            secretName: openshift-monitoring-grafana-datasource
            defaultMode: 420

待grafana的pod重启完毕,访问grafana的dashboard,使用以下命令获取grafana的dashboard的url:

代码语言:javascript复制
# oc get route -n ssli-monitoring
NAME            HOST/PORT                                                      PATH   SERVICES          PORT      TERMINATION   WILDCARD
grafana-route   grafana-route-ssli-monitoring.apps.ssli-ocp1.os.fyre.ibm.com          grafana-service   grafana   edge          None

登录是使用创建grafana时指定的用户名和密码,默认如下:

代码语言:javascript复制
admin_password: secret
admin_user: root

在dashboard中找到创建的datasources,然后点击save & test,配置正常的话会提示一下信息:

代码语言:javascript复制
data source is working

然后就可以添加自己的grafana dashboard。

LEo at 12:12

0 人点赞