Skip to content

Instantly share code, notes, and snippets.

@Qxe8

Qxe8/blackbox-exporter-configmap.yaml

Created December 22, 2021 15:17
Show Gist options
  • Save Qxe8/cb3acb1029ef8be1f283f19b19f9087e to your computer and use it in GitHub Desktop.
Save Qxe8/cb3acb1029ef8be1f283f19b19f9087e to your computer and use it in GitHub Desktop.
Download ZIP
Raw
blackbox-exporter-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app: prometheus-blackbox-exporter
name: prometheus-blackbox-exporter
namespace: prometheus
data:
blackbox.yml: |-
modules:
http_2xx:
prober: http
timeout: 10s
http:
valid_http_versions: ["HTTP/1.1", "HTTP/2"]
valid_status_codes: []
method: GET
preferred_ip_protocol: "ip4"
http_post_2xx: # http post 监测模块
prober: http
timeout: 10s
http:
valid_http_versions: ["HTTP/1.1", "HTTP/2"]
method: POST
preferred_ip_protocol: "ip4"
tcp_connect:
prober: tcp
timeout: 10s
icmp:
prober: icmp
timeout: 10s
icmp:
preferred_ip_protocol: "ip4"
Raw
blackbox-exporter.yaml
apiVersion: v1
kind: Service
metadata:
name: prometheus-blackbox-exporter-svc
namespace: prometheus
labels:
application: prometheus-blackbox-exporter
annotations:
prometheus.io/scrape: 'true'
spec:
type: NodePort
selector:
application: prometheus-blackbox-exporter
ports:
- name: blackbox
port: 9115
targetPort: 9115
nodePort: 30009
protocol: TCP
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: prometheus-blackbox-exporter
namespace: prometheus
spec:
selector:
matchLabels:
application: "prometheus-blackbox-exporter"
replicas: 1
template:
metadata:
labels:
application: prometheus-blackbox-exporter
spec:
restartPolicy: Always
nodeSelector:
node-role.kubernetes.io/master: "true"
tolerations:
- key: "node-role.kubernetes.io/master"
effect: "NoSchedule"
containers:
- name: prometheus-blackbox-exporter
image: prom/blackbox-exporter:v0.19.0
imagePullPolicy: IfNotPresent
ports:
- name: blackbox-port
containerPort: 9115
readinessProbe:
tcpSocket:
port: 9115
initialDelaySeconds: 5
timeoutSeconds: 5
resources:
requests:
memory: 50Mi
cpu: 100m
limits:
memory: 60Mi
cpu: 200m
volumeMounts:
- name: config
mountPath: /etc/blackbox_exporter
args:
- --config.file=/etc/blackbox_exporter/blackbox.yml
- --log.level=debug
- --web.listen-address=:9115
volumes:
- name: config
configMap:
name: prometheus-blackbox-exporter
Raw
configmap-prom-config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: prometheus
namespace: kube-system
data:
prometheus.yaml: |
alerting:
alertmanagers:
- static_configs:
- targets: ['alertmanager:9093']
global:
# 抓取的间隔时间
scrape_interval: 20s
# How long until a scrape request times out.
scrape_timeout: 10s
# 计算告警触发条件的周期
evaluation_interval: 20s
# 告警规则文件
rule_files:
- '/etc/prometheus-rules/*.rules'
scrape_configs:
- job_name: 'alertmanager'
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
kubernetes_sd_configs:
- role: service
relabel_configs:
# 只保留含有 label 为 prometheus/io=scrape 的 service
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape, __meta_kubernetes_namespace, __meta_kubernetes_service_name]
regex: true;kube-system;alertmanager
action: keep
- job_name: 'kubelet'
# 通过 https 访问 apiserver,通过 apiserver 的 api 获取数据
scheme: https
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
#以 k8s 的角色 (role) 来定义收集,比如 node,service,pod,endpoints,ingress 等等
kubernetes_sd_configs:
# 从 k8s 的 node 对象获取数据
- role: node
relabel_configs:
# 用新的前缀代替原 label name 前缀,没有 replacement 的话功能就是去掉 label_name 前缀
# 例如:以下两句的功能就是将__meta_kubernetes_node_label_kubernetes_io_hostname
# 变为 kubernetes_io_hostname
- action: labelmap
regex: __meta_kubernetes_node_label_(.+)
# replacement 中的值将会覆盖 target_label 中指定的 label name 的值,
# 即__address__的值会被替换为 kubernetes.default.svc:443
- target_label: __address__
replacement: kubernetes.default.svc:443
#replacement: 10.142.21.21:6443
# 获取__meta_kubernetes_node_name 的值
- source_labels: [__meta_kubernetes_node_name]
#匹配一个或多个任意字符,将上述 source_labels 的值生成变量
regex: (.+)
# 将# replacement 中的值将会覆盖 target_label 中指定的 label name 的值,
# 即__metrics_path__的值会被替换为 /api/v1/nodes/${1}/proxy/metrics,
# 其中 ${1} 的值会被替换为__meta_kubernetes_node_name 的值
target_label: __metrics_path__
replacement: /api/v1/nodes/${1}/proxy/metrics
#or:
#- source_labels: [__address__]
# regex: '(.*):10250'
# replacement: '${1}:4194'
# target_label: __address__
#- source_labels: [__meta_kubernetes_node_label_role]
# action: replace
# target_label: role
- job_name: 'cadvisor'
# 通过 https 访问 apiserver,通过 apiserver 的 api 获取数据
scheme: https
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
#以 k8s 的角色 (role) 来定义收集,比如 node,service,pod,endpoints,ingress 等等
kubernetes_sd_configs:
# 从 k8s 的 node 对象获取数据
- role: node
relabel_configs:
# 用新的前缀代替原 label name 前缀,没有 replacement 的话功能就是去掉 label name 前缀
# 例如:以下两句的功能就是将__meta_kubernetes_node_label_kubernetes_io_hostname
# 变为 kubernetes_io_hostname
- action: labelmap
regex: __meta_kubernetes_node_label_(.+)
# replacement 中的值将会覆盖 target_label 中指定的 label name 的值,
# 即__address__的值会被替换为 kubernetes.default.svc:443
- target_label: __address__
replacement: kubernetes.default.svc:443
# 获取__meta_kubernetes_node_name 的值
- source_labels: [__meta_kubernetes_node_name]
#匹配一个或多个任意字符,将上述 source_labels 的值生成变量
regex: (.+)
# replacement 中的值将会覆盖 target_label 中指定的 label name 的值,
# 即__metrics_path__的值会被替换为 /api/v1/nodes/${1}/proxy/metrics,
# 其中 ${1} 的值会被替换为__meta_kubernetes_node_name 的值
target_label: __metrics_path__
replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor
metric_relabel_configs:
- action: replace
source_labels: [id]
regex: '^/machine\.slice/machine-rkt\\x2d([^\\]+)\\.+/([^/]+)\.service$'
target_label: rkt_container_name
replacement: '${2}-${1}'
- action: replace
source_labels: [id]
regex: '^/system\.slice/(.+)\.service$'
target_label: systemd_service_name
replacement: '${1}'
- job_name: 'prometheus-node-exporter'
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
kubernetes_sd_configs:
#The endpoints role discovers targets from listed endpoints of a service. For each
#endpoint address one target is discovered per port. If the endpoint is backed by
#a pod, all additional container ports of the pod, not bound to an endpoint port,
#are discovered as targets as well
- role: endpoints
relabel_configs:
# 只保留 endpoints 的 annotations 中含有 prometheus.io/scrape: 'true' 和 port 的 name 为 prometheus-node-exporter 的 endpoint
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape, __meta_kubernetes_endpoint_port_name]
regex: true;prometheus-node-exporter
action: keep
# Match regex against the concatenated source_labels. Then, set target_label to replacement,
# with match group references (${1}, ${2}, ...) in replacement substituted by their value.
# If regex does not match, no replacement takes place.
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme]
action: replace
target_label: __scheme__
regex: (https?)
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path]
action: replace
target_label: __metrics_path__
regex: (.+)
- source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port]
action: replace
target_label: __address__
regex: (.+)(?::\d+);(\d+)
replacement: $1:$2
# 去掉 label name 中的前缀__meta_kubernetes_service_label_
- action: labelmap
regex: __meta_kubernetes_service_label_(.+)
# 将__meta_kubernetes_namespace 重命名为 kubernetes_namespace
- source_labels: [__meta_kubernetes_namespace]
action: replace
target_label: kubernetes_namespace
# 将__meta_kubernetes_service_name 重命名为 kubernetes_name
- source_labels: [__meta_kubernetes_service_name]
action: replace
target_label: kubernetes_name
- job_name: 'kube-state-metrics'
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
kubernetes_sd_configs:
#The endpoints role discovers targets from listed endpoints of a service. For each
#endpoint address one target is discovered per port. If the endpoint is backed by
#a pod, all additional container ports of the pod, not bound to an endpoint port,
#are discovered as targets as well
- role: endpoints
relabel_configs:
# 只保留 endpoint 中的 annotations 含有 prometheus.io/scrape: 'true' 和 port 的 name 为 prometheus-node-exporter 的 endpoint
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape,__meta_kubernetes_endpoint_port_name]
regex: true;kube-state-metrics
action: keep
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme]
action: replace
target_label: __scheme__
regex: (https?)
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path]
action: replace
target_label: __metrics_path__
regex: (.+)
- source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port]
action: replace
target_label: __address__
regex: (.+)(?::\d+);(\d+)
replacement: $1:$2
# 去掉 label name 中的前缀__meta_kubernetes_service_label_
- action: labelmap
regex: __meta_kubernetes_service_label_(.+)
# 将__meta_kubernetes_namespace 重命名为 kubernetes_namespace
- source_labels: [__meta_kubernetes_namespace]
action: replace
target_label: kubernetes_namespace
# 将__meta_kubernetes_service_name 重命名为 kubernetes_name
- source_labels: [__meta_kubernetes_service_name]
action: replace
target_label: kubernetes_name
## kubernetes-services and kubernetes-ingresses are blackbox_exporter related
# Example scrape config for probing services via the Blackbox Exporter.
#
# The relabeling allows the actual service scrape endpoint to be configured
# for all or only some services.
- job_name: 'kubernetes-service-http-probe'
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
kubernetes_sd_configs:
- role: service
# 将 metrics_path 由默认的 /metrics 改为 /probe
metrics_path: /probe
# Optional HTTP URL parameters.
# 生成__param_module="http_2xx" 的 label
params:
module: [http_2xx]
relabel_configs:
# 只保留含有 label 为 prometheus/io=scrape 的 service
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape, __meta_kubernetes_service_annotation_prometheus_io_http_probe]
regex: true;true
action: keep
- source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_namespace, __meta_kubernetes_service_annotation_prometheus_io_http_probe_port, __meta_kubernetes_service_annotation_prometheus_io_http_probe_path]
action: replace
target_label: __param_target
regex: (.+);(.+);(.+);(.+)
replacement: $1.$2:$3$4
# 用__address__这个 label 的值创建一个名为__param_target 的 label 为 blackbox-exporter, 值为内部 service 的访问地址,作为 blackbox-exporter 采集用
#- source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_http_probe_path]
# action: replace
# target_label: __param_target
# regex: (.+);(.+)
# replacement: $1$2
# 用 blackbox-exporter 的 service 地址值”prometheus-blackbox-exporter:9115" 替换原__address__的值
- target_label: __address__
replacement: prometheus-blackbox-exporter:9115
- source_labels: [__param_target]
target_label: instance
# 去掉 label name 中的前缀__meta_kubernetes_service_annotation_prometheus_io_app_info_
- action: labelmap
regex: __meta_kubernetes_service_annotation_prometheus_io_app_info_(.+)
#- source_labels: [__meta_kubernetes_namespace]
# target_label: kubernetes_namespace
#- source_labels: [__meta_kubernetes_service_name]
# target_label: kubernetes_name
## kubernetes-services and kubernetes-ingresses are blackbox_exporter related
# Example scrape config for probing services via the Blackbox Exporter.
#
# The relabeling allows the actual service scrape endpoint to be configured
# for all or only some services.
- job_name: 'kubernetes-service-tcp-probe'
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
kubernetes_sd_configs:
- role: service
# 将 metrics_path 由默认的 /metrics 改为 /probe
metrics_path: /probe
# Optional HTTP URL parameters.
# 生成__param_module="tcp_connect" 的 label
params:
module: [tcp_connect]
relabel_configs:
# 只保留含有 label 为 prometheus/io=scrape 的 service
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape, __meta_kubernetes_service_annotation_prometheus_io_tcp_probe]
regex: true;true
action: keep
- source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_namespace, __meta_kubernetes_service_annotation_prometheus_io_tcp_probe_port]
action: replace
target_label: __param_target
regex: (.+);(.+);(.+)
replacement: $1.$2:$3
# 用__address__这个 label 的值创建一个名为__param_target 的 label 为 blackbox-exporter, 值为内部 service 的访问地址,作为 blackbox-exporter 采集用
#- source_labels: [__address__]
# target_label: __param_target
# 用 blackbox-exporter 的 service 地址值”prometheus-blackbox-exporter:9115" 替换原__address__的值
- target_label: __address__
replacement: prometheus-blackbox-exporter:9115
- source_labels: [__param_target]
target_label: instance
# 去掉 label name 中的前缀__meta_kubernetes_service_annotation_prometheus_io_app_info_
- action: labelmap
regex: __meta_kubernetes_service_annotation_prometheus_io_app_info_(.+)
#- source_labels: [__meta_kubernetes_namespace]
# target_label: kubernetes_namespace
#- source_labels: [__meta_kubernetes_service_name]
# target_label: kubernetes_name
- job_name: 'kubernetes-app-metrics'
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
kubernetes_sd_configs:
#The endpoints role discovers targets from listed endpoints of a service. For each
#endpoint address one target is discovered per port. If the endpoint is backed by
#a pod, all additional container ports of the pod, not bound to an endpoint port,
#are discovered as targets as well
- role: endpoints
relabel_configs:
# 只保留 endpoint 中含有 prometheus.io/scrape: 'true' 的 annotation 的 endpoint
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape, __meta_kubernetes_service_annotation_prometheus_io_app_metrics]
regex: true;true
action: keep
# 将用户指定的进程的 metrics_path 替换默认的 metrics_path
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_app_metrics_path]
action: replace
target_label: __metrics_path__
regex: (.+)
# 用 pod_ip 和用户指定的进程的 metrics 端口组合成真正的可以拿到数据的地址来替换原始__address__
- source_labels: [__meta_kubernetes_pod_ip, __meta_kubernetes_service_annotation_prometheus_io_app_metrics_port]
action: replace
target_label: __address__
regex: (.+);(.+)
replacement: $1:$2
# 去掉 label name 中的前缀__meta_kubernetes_service_annotation_prometheus_io_app_info_
- action: labelmap
regex: __meta_kubernetes_service_annotation_prometheus_io_app_info_(.+)
## 将__meta_kubernetes_namespace 重命名为 kubernetes_namespace
#- source_labels: [__meta_kubernetes_namespace]
# action: replace
# target_label: kubernetes_namespace
## 将__meta_kubernetes_service_name 重命名为 kubernetes_name
#- source_labels: [__meta_kubernetes_service_name]
# action: replace
# target_label: kubernetes_name
# 监控自身
- job_name: 'prometheus'
# 目标通过 static_configs 参数进行静态配置
static_configs:
- targets: ['localhost:9090'] #prometheus 启动的端口
- job_name: 'kube-apiservers'
# 通过 https 访问 apiserver
scheme: https
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
#以 k8s 的角色 (role) 来定义收集,比如 node,service,pod,endpoints,ingress 等等
kubernetes_sd_configs:
# 从 endpoints 获取 apiserver 数据
- role: endpoints
#relabel_configs 允许在抓取之前对任何目标及其标签进行修改。
relabel_configs:
# 选择哪些 label
- source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
# 上述选择的 label 的值需要与下述对应
regex: default;kubernetes;https
# 含有符合 regex 的 source_label 的 endpoints 进行保留
action: keep
- job_name: 'kube-controller-manager'
# 通过 https 访问 apiserver
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
#以 k8s 的角色 (role) 来定义收集,比如 node,service,pod,endpoints,ingress 等等
kubernetes_sd_configs:
# 从 endpoints 获取 apiserver 数据
- role: endpoints
#relabel_configs 允许在抓取之前对任何目标及其标签进行修改。
relabel_configs:
# 选择哪些 label
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape, __meta_kubernetes_namespace, __meta_kubernetes_service_name]
# 上述选择的 label 的值需要与下述对应
regex: true;kube-system;kube-controller-manager-prometheus-discovery
# 含有符合 regex 的 source_label 的 endpoints 进行保留
action: keep
- job_name: 'kube-scheduler'
# 通过 https 访问 apiserver
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
#以 k8s 的角色 (role) 来定义收集,比如 node,service,pod,endpoints,ingress 等等
kubernetes_sd_configs:
# 从 endpoints 获取 apiserver 数据
- role: endpoints
#relabel_configs 允许在抓取之前对任何目标及其标签进行修改。
relabel_configs:
# 选择哪些 label
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape, __meta_kubernetes_namespace, __meta_kubernetes_service_name]
# 上述选择的 label 的值需要与下述对应
regex: true;kube-system;kube-scheduler-prometheus-discovery
# 含有符合 regex 的 source_label 的 endpoints 进行保留
action: keep
- job_name: 'etcd'
# 通过 https 访问 apiserver
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
#以 k8s 的角色 (role) 来定义收集,比如 node,service,pod,endpoints,ingress 等等
kubernetes_sd_configs:
# 从 endpoints 获取 apiserver 数据
- role: endpoints
#relabel_configs 允许在抓取之前对任何目标及其标签进行修改。
relabel_configs:
# 选择哪些 label
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape, __meta_kubernetes_namespace, __meta_kubernetes_service_name]
# 上述选择的 label 的值需要与下述对应
regex: true;kube-system;etcd-prometheus-discovery
# 含有符合 regex 的 source_label 的 endpoints 进行保留
action: keep
- job_name: 'kube-proxy'
# 通过 https 访问 apiserver
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
#以 k8s 的角色 (role) 来定义收集,比如 node,service,pod,endpoints,ingress 等等
kubernetes_sd_configs:
# 从 endpoints 获取 apiserver 数据
- role: endpoints
#relabel_configs 允许在抓取之前对任何目标及其标签进行修改。
relabel_configs:
# 选择哪些 label
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape, __meta_kubernetes_namespace, __meta_kubernetes_service_name]
# 上述选择的 label 的值需要与下述对应
regex: true;kube-system;kube-proxy-prometheus-discovery
# 含有符合 regex 的 source_label 的 endpoints 进行保留
action: keep
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment