| 導航:這里主要是列出一個prometheus一些系統的學習過程,最后按照章節順序查看,由於寫作該文檔經歷了不同時期,所以在文中有時出現 的雲環境不統一,但是學習具體使用方法即可,在最后的篇章,有一個完整的騰訊雲的實戰案例。 8.kube-state-metrics 和 metrics-server 13.Grafana簡單用法 參考: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config https://www.bookstack.cn/read/prometheus_practice/introduction-README.md |
由於自己寫一些prometheus sql告警規則會比較耗時,所以這里從騰訊雲的雲原生監控和prometheus operator中扒一些過來進行記錄。
(prometheus operator和雲原生中的基本差不多)
這里主要從騰訊雲的雲原生監控來獲取,因為標簽以及變量問題,該sql在聯邦集群環境中需要調整才能使用。
1.Kubernetes節點
1.1 NodeFilesystemSpaceFillingUp
( node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 15 and predict_linear(node_filesystem_avail_bytes{job="node-exporter",fstype!=""}[6h], 4*60*60) < 0 and node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 )
告警內容:集群 {{ $labels.cluster }}/node {{ $labels.instance }}/設備 {{ $labels.device }} 只剩下 {{ printf "%.2f" $value }}%的可用空間
1.2 NodeFilesystemAlmostOutOfSpace
( node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 3 and node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 )
告警內容:集群 {{ $labels.cluster }}/node {{ $labels.instance }}/設備 {{ $labels.device }} 只剩下 {{ printf "%.2f" $value }}%的可用空間
1.3 NodeFilesystemFilesFillingUp
( node_filesystem_files_free{job="node-exporter",fstype!=""} / node_filesystem_files{job="node-exporter",fstype!=""} * 100 < 20 and predict_linear(node_filesystem_files_free{job="node-exporter",fstype!=""}[6h], 4*60*60) < 0 and node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 )
告警內容:集群 {{ $labels.cluster }}/node {{ $labels.instance }}/設備 {{ $labels.device }} 只剩下{{ printf "%.2f" $value }}%的可用inode
1.4 NodeFilesystemAlmostOutOfFiles
( node_filesystem_files_free{job="node-exporter",fstype!=""} / node_filesystem_files{job="node-exporter",fstype!=""} * 100 < 3 and node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 )
告警內容:集群 {{ $labels.cluster }}/node {{ $labels.instance }}/設備 {{ $labels.device }} 只剩下{{ printf "%.2f" $value }}%的可用inode
1.5 NodeNetworkReceiveErrs
rate(node_network_receive_errs_total[2m]) / rate(node_network_receive_packets_total[2m]) > 0.01
告警內容:在最近2分鍾,集群 {{ $labels.cluster }}/node {{ $labels.instance }}/網卡 {{ $labels.device }} 出現{{ printf "%.0f" $value }}接收錯誤
1.6 NodeNetworkTransmitErrs
rate(node_network_transmit_errs_total[2m]) / rate(node_network_transmit_packets_total[2m]) > 0.01
告警內容:在最近2分鍾,集群 {{ $labels.cluster }}/node {{ $labels.instance }}/網卡 {{ $labels.device }} 出現{{ printf "%.0f" $value }}發送錯誤
1.7 NodeHighNumberConntrackEntriesUsed
(node_nf_conntrack_entries / node_nf_conntrack_entries_limit) > 0.75
告警內容:{{ $value | humanizePercentage }} of conntrack entries are used.
1.8 NodeClockSkewDetected
( node_timex_offset_seconds > 0.05 and deriv(node_timex_offset_seconds[5m]) >= 0 ) or ( node_timex_offset_seconds < -0.05 and deriv(node_timex_offset_seconds[5m]) <= 0 )
告警內容:集群 {{ $labels.cluster_id }}/node {{ $labels.instance }}的時鍾漂移超過300秒, 請檢查NTP是否正常配置
1.9 NodeClockNotSynchronising
min_over_time(node_timex_sync_status[5m]) == 0 and node_timex_maxerror_seconds >= 16
告警內容:集群 {{ $labels.cluster_id }}/node {{ $labels.instance }} 時鍾未同步, 請檢查NTP是否正常配置
2.kubernetes工作負載
2.1 KubePodCrashLooping
rate(kube_pod_container_status_restarts_total{job="kube-state-metrics"}[5m]) * 60 * 5 > 0
告警內容:集群 {{ $labels.cluster }}/namespace {{ $labels.namespace }}/Pod {{ $labels.pod }}/容器 {{ $labels.container}} 最近5分鍾重啟{{ printf "%.2f" $value }}次
2.2 KubePodNotReady
sum by (cluster,namespace, pod) ( max by(cluster,namespace, pod) ( kube_pod_status_phase{job="kube-state-metrics", phase=~"Pending|Unknown"} ) * on(cluster,namespace, pod) group_left(owner_kind) topk by(cluster,namespace, pod) ( 1, max by(cluster,namespace, pod, owner_kind) (kube_pod_owner{owner_kind!="Job"}) ) ) > 0
告警內容:集群 {{ $labels.cluster }}/namespace {{ $labels.namespace }}/Pod {{ $labels.pod }}處於NotReady狀態超過15分鍾
2.3 KubeDeploymentGenerationMismatch
kube_deployment_status_observed_generation{job="kube-state-metrics"}
!=
kube_deployment_metadata_generation{job="kube-state-metrics"}
告警內容:集群 {{ $labels.cluster }}/namespace {{ $labels.namespace }}/deployment {{ $labels.deployment}}部署版本不符合預期,表示Deployment變更沒有生效
2.4 KubeDeploymentReplicasMismatch
( kube_deployment_spec_replicas{job="kube-state-metrics"} != kube_deployment_status_replicas_available{job="kube-state-metrics"} ) and ( changes(kube_deployment_status_replicas_updated{job="kube-state-metrics"}[5m]) == 0 )
告警內容:集群 {{ $labels.cluster }}/namespace {{ $labels.namespace }}/deployment {{ $labels.deployment }} 沒有達到預期副本數超過15分鍾
2.5 KubeStatefulSetReplicasMismatch
( kube_statefulset_status_replicas_ready{job="kube-state-metrics"} != kube_statefulset_status_replicas{job="kube-state-metrics"} ) and ( changes(kube_statefulset_status_replicas_updated{job="kube-state-metrics"}[5m]) == 0 )
告警內容:集群 {{ $labels.cluster }}/namespace {{ $labels.namespace }}/statefulset {{ $labels.statefulset }} 沒有達到預期副本數超過15分鍾
2.6 KubeStatefulSetGenerationMismatch
kube_statefulset_status_observed_generation{job="kube-state-metrics"}
!=
kube_statefulset_metadata_generation{job="kube-state-metrics"}
告警內容:集群 {{ $labels.cluster }}/namespace {{ $labels.namespace }}/statefulset {{ $labels.statefulset}} 部署版本不符合預期,表示statefulset變更沒有生效
2.7 KubeStatefulSetUpdateNotRolledOut
( max without (revision) ( kube_statefulset_status_current_revision{job="kube-state-metrics"} unless kube_statefulset_status_update_revision{job="kube-state-metrics"} ) * ( kube_statefulset_replicas{job="kube-state-metrics"} != kube_statefulset_status_replicas_updated{job="kube-state-metrics"} ) ) and ( changes(kube_statefulset_status_replicas_updated{job="kube-state-metrics"}[5m]) == 0 )
告警內容:集群 {{ $labels.cluster }}/namespace {{ $labels.namespace }}/statefulset {{ $labels.statefulset }} 部分Pod未更新
2.8 KubeDaemonSetRolloutStuck
( ( kube_daemonset_status_current_number_scheduled{job="kube-state-metrics"} != kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics"} ) or ( kube_daemonset_status_number_misscheduled{job="kube-state-metrics"} != 0 ) or ( kube_daemonset_updated_number_scheduled{job="kube-state-metrics"} != kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics"} ) or ( kube_daemonset_status_number_available{job="kube-state-metrics"} != kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics"} ) ) and ( changes(kube_daemonset_updated_number_scheduled{job="kube-state-metrics"}[5m]) == 0 )
告警內容:集群 {{ $labels.cluster }}/namespace {{ $labels.namespace }}/daemonset {{ $labels.daemonset }} 變更卡了超過15分鍾
2.9 KubeContainerWaiting
sum by (namespace, pod, container,cluster) (kube_pod_container_status_waiting_reason{job="kube-state-metrics"}) > 0
告警內容:集群 {{ $labels.cluster }}/namespace {{ $labels.namespace }}/pod {{ $labels.pod }}/container {{ $labels.container}} 處於Waiting狀態超過1小時
2.10 KubeDaemonSetNotScheduled
kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics"}
-
kube_daemonset_status_current_number_scheduled{job="kube-state-metrics"} > 0
告警內容:集群 {{ $labels.cluster }}/ namespace {{ $labels.namespace }}/daemonset {{ $labels.daemonset}} 中 {{ $value }} 個 pod 沒有被調度
2.11 KubeDaemonSetMisScheduled
kube_daemonset_status_number_misscheduled{job="kube-state-metrics"} > 0
告警內容:集群 {{ $labels.cluster }}/namespace {{ $labels.namespace }}/daemonset {{ $labels.daemonset}} 中 {{ $value }} 個 pod 錯誤調度到node上
2.12 KubeJobCompletion
kube_job_spec_completions{job="kube-state-metrics"} - kube_job_status_succeeded{job="kube-state-metrics"} > 0
告警內容:集群 {{ $labels.cluster }}/namespace {{ $labels.namespace }}/job {{ $labels.job_name }} 運行超過12小時
2.13 KubeJobFailed
kube_job_failed{job="kube-state-metrics"} > 0
告警內容:集群 {{ $labels.cluster }}/namespace {{ $labels.namespace }}/job {{ $labels.job_name }} 執行失敗
2.14 KubeHpaReplicasMismatch
(kube_hpa_status_desired_replicas{job="kube-state-metrics"}
!=
kube_hpa_status_current_replicas{job="kube-state-metrics"})
and
changes(kube_hpa_status_current_replicas[15m]) == 0
告警內容:集群 {{ $labels.cluster }}/namespace {{ $labels.namespace }}/HPA {{ $labels.hpa }} 副本數和預期不一致超過15分鍾
2.15 KubeHpaMaxedOut
kube_hpa_status_current_replicas{job="kube-state-metrics"}
==
kube_hpa_spec_max_replicas{job="kube-state-metrics"}
告警內容:集群 {{ $labels.cluster }}/namespace {{ $labels.namespace }}/HPA {{ $labels.hpa }} 副本數達到最大值超過15m
3.Kubernetes資源
3.1 KubeCPUOvercommit
sum(namespace:kube_pod_container_resource_requests_cpu_cores:sum{}) / sum(kube_node_status_allocatable_cpu_cores) > (count(kube_node_status_allocatable_cpu_cores)-1) / count(kube_node_status_allocatable_cpu_cores)
告警內容:集群{{ $labels.cluster }}內Pod申請的CPU過載,當前CPU申請占比{{ $value | humanizePercentage }}
3.2 KubeMemoryOvercommit
sum(namespace:kube_pod_container_resource_requests_memory_bytes:sum{}) / sum(kube_node_status_allocatable_memory_bytes) > (count(kube_node_status_allocatable_memory_bytes)-1) / count(kube_node_status_allocatable_memory_bytes)
告警內容:集群{{ $labels.cluster }}內Pod申請的內存過載,當前CPU申請占比{{ $value | humanizePercentage }}
3.3 KubeCPUQuotaOvercommit
sum(kube_resourcequota{job="kube-state-metrics", type="hard", resource="cpu"})
/
sum(kube_node_status_allocatable_cpu_cores)
> 1.5
告警內容:集群{{ $labels.cluster }}CPU Quota過載,已經超過可分配CPU資源的{{ $value }}倍
3.4 KubeMemoryQuotaOvercommit
sum(kube_resourcequota{job="kube-state-metrics", type="hard", resource="memory"})
/
sum(kube_node_status_allocatable_memory_bytes{job="node-exporter"})
> 1.5
告警內容:集群{{ $labels.cluster }}內存配額過載,已經超過可分配內存資源的{{ $value }}倍
3.5 KubeQuotaAlmostFull
kube_resourcequota{job="kube-state-metrics", type="used"}
/ ignoring(instance, job, type)
(kube_resourcequota{job="kube-state-metrics", type="hard"} > 0)
> 0.9 < 1
告警內容:集群{{ $labels.cluster }}/namespace {{ $labels.namespace }}中資源{{ $labels.resource }}使用率超過{{ $value | humanizePercentage }}
3.6 KubeQuotaExceeded
kube_resourcequota{job="kube-state-metrics", type="used"}
/ ignoring(instance, job, type)
(kube_resourcequota{job="kube-state-metrics", type="hard"} > 0)
> 1
告警內容:集群{{ $labels.cluster }}/namespace {{ $labels.namespace }}中資源{{ $labels.resource }}使用率超過{{ $value | humanizePercentage }}
3.7 PodCPULimitRate
sum(rate(container_cpu_usage_seconds_total{job="cadvisor", image!="", container!="POD"}[1m])) by (cluster, namespace, pod, container) / sum(kube_pod_container_resource_limits_cpu_cores) by (cluster, namespace, pod, container) > 0.8
告警內容:集群{{ $labels.cluster }}/namespace {{ $labels.namespace }}/Pod {{ $labels.pod }}/container {{ $labels.container }}的CPU使用率(占limit)達{{ $value | humanizePercentage }}.
3.8 PodCPURequestRate
sum(rate(container_cpu_usage_seconds_total{job="cadvisor", image!="", container!="POD"}[1m])) by (cluster, namespace, pod, container) / sum(kube_pod_container_resource_requests_cpu_cores) by (cluster, namespace, pod, container) > 0.8
告警內容:集群{{ $labels.cluster }}/namespace {{ $labels.namespace }}/Pod {{ $labels.pod }}/container {{ $labels.container }}的CPU使用率(占request)達{{ $value | humanizePercentage }}.
3.9 PodMemoryLimitRate
sum(rate(container_memory_working_set_bytes{job="cadvisor", image!="", container!="POD"}[1m])) by (cluster, namespace, pod, container) / sum(kube_pod_container_resource_limits_memory_bytes) by (cluster, namespace, pod, container) > 0.8
告警內容:集群{{ $labels.cluster }}/namespace {{ $labels.namespace }}/Pod {{ $labels.pod }}/container {{ $labels.container }}的內存使用率(占limit)達{{ $value | humanizePercentage }}.
3.10 PodMemoryRequestRate
sum(rate(container_memory_working_set_bytes{job="cadvisor", image!="", container!="POD"}[1m])) by (cluster, namespace, pod, container) / sum(kube_pod_container_resource_requests_memory_bytes) by (cluster, namespace, pod, container) > 0.8
告警內容:集群{{ $labels.cluster }}/namespace {{ $labels.namespace }}/Pod {{ $labels.pod }}/container{{ $labels.container }}的內存使用率(占request)達{{ $value | humanizePercentage }}.
4.Kubernetes存儲
4.1 KubePersistentVolumeFillingUp
kubelet_volume_stats_available_bytes{job="kubelet"}
/
kubelet_volume_stats_capacity_bytes{job="kubelet"}
< 0.03
告警內容:集群{{ $labels.cluster }}/namespace {{ $labels.namespace }}/pvc {{ $labels.persistentvolumeclaim }}的存儲空間只剩{{ $value | humanizePercentage }}可用
4.2 KubePersistentVolumeFillingUp
( kubelet_volume_stats_available_bytes{job="kubelet"} / kubelet_volume_stats_capacity_bytes{job="kubelet"} ) < 0.15 and predict_linear(kubelet_volume_stats_available_bytes{job="kubelet"}[6h], 4 * 24 * 3600) < 0
告警內容:集群{{ $labels.cluster }}/namespace {{ $labels.namespace }}/pvc {{ $labels.persistentvolumeclaim }}的存儲空間預計4后用盡,現在還有{{ $value | humanizePercentage }}可用
4.3 KubePersistentVolumeErrors
kube_persistentvolume_status_phase{phase=~"Failed|Pending",job="kube-state-metrics"} > 0
告警內容:集群{{ $labels.cluster }}/pv {{ $labels.persistentvolume }}狀態{{ $labels.phase }}
5.Kubernetes Master
5.1 KubeClientErrors
(sum(rate(rest_client_requests_total{code=~"5.."}[5m])) by (instance, job, cluster)
/
sum(rate(rest_client_requests_total[5m])) by (instance, job, cluster))
> 0.01
告警內容:集群 {{ $labels.cluster }}/任務 {{ $labels.job }}/實例 {{ $labels.instance}} 訪問APIServer出現{{ $value | humanizePercentage }}的錯誤
5.2 KubeClientCertificateExpiration
apiserver_client_certificate_expiration_seconds_count{job="apiserver"} > 0 and on(cluster, job) histogram_quantile(0.01, sum by (cluster, job, le) (rate(apiserver_client_certificate_expiration_seconds_bucket{job="apiserver"}[5m]))) < 86400
告警內容:訪問集群{{ $labels.cluster }} apiserver的客戶端證書將在24小時后過期。
5.3 KubeAPIDown
sum(up{job="kube-apiserver"}) by (cluster) == 0
告警內容:集群 {{ $labels.cluster }} 的kube-apiserver沒有運行
5.4 KubeSchedulerDown
sum(up{job="kube-scheduler"}) by (cluster) == 0
告警內容:集群 {{ $labels.cluster }} 的kube-scheduler沒有運行
5.5 KubeControllerManagerDown
sum(up{job="kube-controller-manager"}) by (cluster) == 0
告警內容:集群 {{ $labels.cluster }} 的kube-controller-manager沒有運行
6.Kubernetes kubelet
6.1 KubeNodeNotReady
kube_node_status_condition{job="kube-state-metrics",condition="Ready",status="true"} == 0
告警內容:集群 {{ $labels.cluster }}/node {{ $labels.node }} not ready持續15分鍾。
6.2 KubeletTooManyPods
count by(cluster,node) ( (kube_pod_status_phase{job="kube-state-metrics",phase="Running"} == 1) * on(instance,pod,namespace,cluster) group_left(node) topk by(instance,pod,namespace,cluster) (1, kube_pod_info{job="kube-state-metrics"}) ) / max by(cluster,node) ( kube_node_status_capacity_pods{job="kube-state-metrics"} != 1 ) > 0.95
告警內容:集群 {{ $labels.cluster }}/node {{ $labels.node }} 運行pod量占容量的{{ $value | humanizePercentage}}
6.3 KubeletClientCertificateExpiration
kubelet_certificate_manager_client_ttl_seconds < 86400
告警內容:集群 {{ $labels.cluster }}/node {{ $labels.node }}上kubelet客戶端證書將在{{ $value | humanizeDuration }}后過期
6.4 KubeletServerCertificateExpiration
kubelet_certificate_manager_server_ttl_seconds < 86400
告警內容:集群 {{ $labels.cluster }}/node {{ $labels.node }}上kubelet服務端證書將在{{ $value | humanizeDuration }}后過期
6.5 KubeletDown
sum(up{job="kubelet"}) by (cluster) == 0
告警內容:集群 {{ $labels.cluster }} 的kubelet沒有運行
7.參考
以上告警規則參考騰訊雲原生監控,當然,在prometheus-operator中也有很多默認規則可以參考,具體見以下鏈接:https://github.com/prometheus-operator/kube-prometheus/tree/main/manifests