Versions Compared

Version Old Version 2 New Version 3
Changes made by

이병욱

이병욱

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

  • Kubernetes cluster의 Applications tab > Prometheus 설치

Table of Contents

설치 전 환경 설정

nfs 서버 설정

  • 공유폴더 생성
    $ mkdir /home/data

  • 폴더 권한 변경
    $ chmod 777 /home/data

  • 패키지 설치
    $ yum install nfs-utils (CentOS)
    $ apt-get install nfs-common nfs-kernel-server (Ubuntu)

  • NFS 설정 수정

    Code Block
    languagebash
    $ vi /etc/exports

/home/data *(rw,sync,no_subtree_check)   ## ip, hostname, 도메인 등으로 설정해야 하나 kubernetes에서 인식 못하는 오류가 있어서 전체 허용으로 설정

  • 설정 반영

    Code Block
    exportfs -a
systemctl restart nfs-kernel-server

서비스 계정 및 역할 바인딩 배포

  • rbac.yaml 파일 생성

    Code Block
    languagebash
    $ vi rbac.yaml

kind: ServiceAccount
apiVersion: v1
metadata:
  name: nfs-client-provisioner
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: nfs-client-provisioner-runner
rules:
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: run-nfs-client-provisioner
subjects:
  - kind: ServiceAccount
    name: nfs-client-provisioner
    namespace: default
roleRef:
  kind: ClusterRole
  name: nfs-client-provisioner-runner
  apiGroup: rbac.authorization.k8s.io
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: leader-locking-nfs-client-provisioner
rules:
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: leader-locking-nfs-client-provisioner
subjects:
  - kind: ServiceAccount
    name: nfs-client-provisioner
    # replace with namespace where provisioner is deployed
    namespace: default
roleRef:
  kind: Role
  name: leader-locking-nfs-client-provisioner
  apiGroup: rbac.authorization.k8s.io

  • yaml 배포
    $ kubectl create -f rbac.yaml

  • clusterRole 및 바인딩이 생성되었는지 확인

    Code Block
    languagebash
    $ kubectl get clusterrole, clusterrolebinding, role, rolebinding | grep nfs
clusterrole.rbac.authorization.k8s.io/nfs-client-provisioner-runner 20m
clusterrolebinding.rbac.authorization.k8s.io/run-nfs-client-provisioner 20m
role.rbac.authorization.k8s.io/leader-locking-nfs-client-provisioner 20m
rolebinding.rbac.authorization.k8s.io/leader- locking-nfs-client-provisioner 20m

스토리지 클래스 및 NFS Provisioner 배포

  • StorageClass 생성

    Code Block
    $ vi class.yaml

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: managed-nfs-storage
provisioner: nfs-gitlab
reclaimPolicy: Retain
allowVolumeExpansion: true
parameters:
  archiveOnDelete: "false"

...

  • yaml 배포
    $ kubectl create -f deployment.yaml

  • nfs-client-provisioner pod 생성 확인

    Code Block
    $ kubectl get all
NAME                                          READY   STATUS    RESTARTS   AGE
pod/nfs-client-provisioner-6d5d96fffb-5v6n7   1/1     Running   0          16m

NAME                           TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
service/default-http-backend   ClusterIP   10.107.231.71   <none>        80/TCP    3h45m
service/kubernetes             ClusterIP   10.96.0.1       <none>        443/TCP   30h

NAME                                     READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/nfs-client-provisioner   1/1     1            1           16m

NAME                                                DESIRED   CURRENT   READY   AGE
replicaset.apps/nfs-client-provisioner-6d5d96fffb   1         1         1       16m

values.yaml 수정

Code Block
languagebash
$ vi /opt/gitlab/embedded/service/gitlab-rails/vendor/prometheus/values.yaml

securityContext:
  fsGroup: 999
  runAsUser: 999

alertmanager:
  enabled: true
  persistentVolume:
    accessModes:
      - ReadWriteOnce
    annotations: {}
    existingClaim: ""
    mountPath: /home/data
    size: 20Gi
    storageClass: managed-nfs-storage
    subPath: ""

kubeStateMetrics:
  enabled: true

nodeExporter:
  enabled: false

pushgateway:
  enabled: false

server:
  fullnameOverride: "prometheus-prometheus-server"
  persistentVolume:
    accessModes:
      - ReadWriteOnce
    annotations: {}
    existingClaim: ""
    mountPath: /home/data
    size: 20Gi
    storageClass: managed-nfs-storage
    subPath: ""

...

...

  • alertmanager 설정

    Code Block
    # values.yaml 내용
alertmanager:
  enabled: true
  persistentVolume:
    accessModes:
      - ReadWriteOnce
    annotations: {}
    existingClaim: ""
    mountPath: /home/data
    size: 20Gi
    storageClass: managed-nfs-storage
    subPath: ""

  • server 설정

    Code Block
    # values.yaml 내용
server:
  fullnameOverride: "prometheus-prometheus-server"
  persistentVolume:
    accessModes:
      - ReadWriteOnce
    annotations: {}
    existingClaim: ""
    mountPath: /home/data
    size: 20Gi
    storageClass: managed-nfs-storage
    subPath: ""

Prometheus 설치 확인

  • Kubernetes cluster의 Applications tab 확인

...