SRE文档1.部署
1.1 单节点安装
docker pull grafana/grafana:9.3.6docker pull grafana/grafana:9.3.6- 启动
mkdir /prometheus/grafana -p
chmod 777 /prometheus/grafana
docker run -d -p 3000:3000 --name grafana grafana/grafana:9.3.6mkdir /prometheus/grafana -p
chmod 777 /prometheus/grafana
docker run -d -p 3000:3000 --name grafana grafana/grafana:9.3.6- 从容器拷贝配置文件至对应目录
docker exec -it grafana cat /etc/grafana/grafana.ini > /prometheus/grafana/grafana.ini
cat /prometheus/grafana/grafana.inidocker exec -it grafana cat /etc/grafana/grafana.ini > /prometheus/grafana/grafana.ini
cat /prometheus/grafana/grafana.ini- 删除临时
docker rm -f grafanadocker rm -f grafana- 正式
bash
docker run --name grafana --restart=always \
-d -p 3000:3000 \
-e "GF_SERVER_ROOT_URL=https://grafana.ikubernetes.net" \
-e "GF_SECURITY_ADMIN_PASSWORD=cquisse" \
-v "/prometheus/grafana/grafana.ini:/etc/grafana/grafana.ini" \
-v "/prometheus/grafana/:/var/lib/grafana" \
grafana/grafana:9.3.6docker run --name grafana --restart=always \
-d -p 3000:3000 \
-e "GF_SERVER_ROOT_URL=https://grafana.ikubernetes.net" \
-e "GF_SECURITY_ADMIN_PASSWORD=cquisse" \
-v "/prometheus/grafana/grafana.ini:/etc/grafana/grafana.ini" \
-v "/prometheus/grafana/:/var/lib/grafana" \
grafana/grafana:9.3.6参数介绍:
- 设置服务的默认域名 :
-e "GF_SERVER_ROOT_URL=https://grafana.bladex.vip" - 设置admin的密码为
admin:-e "GF_SECURITY_ADMIN_PASSWORD=admin" - 注意:密码若带特殊符号请加
\转义 -v "/prometheus/grafana/grafana.ini:/etc/grafana/grafana.ini"将宿主机上grafana配置文件挂载至容器中,如果需要修改直接重启即可-v "/prometheus/grafana/:/var/lib/grafana"将容器中的数据存储挂载至宿主机指定路径持久化
1.2 k8s部署
1.2.1 创建存储
cat 1.grafana-storage.yaml
yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: grafana-data-pvc
namespace: monitor
spec:
accessModes:
- ReadWriteMany
storageClassName: "nfs-provisioner-storage"
resources:
requests:
storage: 10GiapiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: grafana-data-pvc
namespace: monitor
spec:
accessModes:
- ReadWriteMany
storageClassName: "nfs-provisioner-storage"
resources:
requests:
storage: 10Gi1.2.2 创建config
cat 2.grafana-config.yaml
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: grafana-config
namespace: monitor
data:
grafana.ini: |
[server]
root_url = http://grafana.ikubernetes.net
[smtp]
enabled = true
host = smtp.exmail.qq.com:465
user = xxxx@xxxx.cn
password = yfXBxxxxYTjn
skip_verify = true
from_address = xxxx@xxxx.cnapiVersion: v1
kind: ConfigMap
metadata:
name: grafana-config
namespace: monitor
data:
grafana.ini: |
[server]
root_url = http://grafana.ikubernetes.net
[smtp]
enabled = true
host = smtp.exmail.qq.com:465
user = xxxx@xxxx.cn
password = yfXBxxxxYTjn
skip_verify = true
from_address = xxxx@xxxx.cn1.2.3 创建dp资源
cat 3.grafana-deploy.yaml
yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: grafana-core
namespace: monitor
labels:
app: grafana
component: core
spec:
replicas: 1
selector:
matchLabels:
app: grafana
template:
metadata:
labels:
app: grafana
component: core
spec:
securityContext:
fsGroup: 472
runAsUser: 472
containers:
- name: grafana-core
image: registry.cn-zhangjiakou.aliyuncs.com/hsuing/grafana:v11
imagePullPolicy: IfNotPresent
# env:
resources:
# keep request = limit to keep this container in guaranteed class
limits:
cpu: 300m
memory: 1Gi
requests:
cpu: 100m
memory: 500Mi
env:
# The following env variables set up basic auth twith the default admin user and admin password.
- name: GF_AUTH_BASIC_ENABLED
value: "true"
- name: GF_AUTH_ANONYMOUS_ENABLED
value: "false"
# - name: GF_AUTH_ANONYMOUS_ORG_ROLE
# value: Admin
# does not really work, because of template variables in exported dashboards:
# - name: GF_DASHBOARDS_JSON_ENABLED
# value: "true"
readinessProbe:
failureThreshold: 3
httpGet:
path: /api/health
port: 3000
scheme: HTTP
initialDelaySeconds: 30
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 30
volumeMounts:
- name: data
subPath: grafana
mountPath: /var/lib/grafana
- name: grafana-config
mountPath: /etc/grafana
readOnly: true
- name: host-time
mountPath: /etc/localtime
volumes:
- name: host-time
hostPath:
path: /etc/localtime
- name: data
persistentVolumeClaim:
claimName: grafana-data-pvc
- name: grafana-config
configMap:
name: grafana-configapiVersion: apps/v1
kind: Deployment
metadata:
name: grafana-core
namespace: monitor
labels:
app: grafana
component: core
spec:
replicas: 1
selector:
matchLabels:
app: grafana
template:
metadata:
labels:
app: grafana
component: core
spec:
securityContext:
fsGroup: 472
runAsUser: 472
containers:
- name: grafana-core
image: registry.cn-zhangjiakou.aliyuncs.com/hsuing/grafana:v11
imagePullPolicy: IfNotPresent
# env:
resources:
# keep request = limit to keep this container in guaranteed class
limits:
cpu: 300m
memory: 1Gi
requests:
cpu: 100m
memory: 500Mi
env:
# The following env variables set up basic auth twith the default admin user and admin password.
- name: GF_AUTH_BASIC_ENABLED
value: "true"
- name: GF_AUTH_ANONYMOUS_ENABLED
value: "false"
# - name: GF_AUTH_ANONYMOUS_ORG_ROLE
# value: Admin
# does not really work, because of template variables in exported dashboards:
# - name: GF_DASHBOARDS_JSON_ENABLED
# value: "true"
readinessProbe:
failureThreshold: 3
httpGet:
path: /api/health
port: 3000
scheme: HTTP
initialDelaySeconds: 30
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 30
volumeMounts:
- name: data
subPath: grafana
mountPath: /var/lib/grafana
- name: grafana-config
mountPath: /etc/grafana
readOnly: true
- name: host-time
mountPath: /etc/localtime
volumes:
- name: host-time
hostPath:
path: /etc/localtime
- name: data
persistentVolumeClaim:
claimName: grafana-data-pvc
- name: grafana-config
configMap:
name: grafana-config1.2.4 创建svc
cat 4.grafana-svc.yaml
yaml
apiVersion: v1
kind: Service
metadata:
name: grafana
namespace: monitor
labels:
app: grafana
component: core
spec:
type: ClusterIP
ports:
- port: 3000
selector:
app: grafana
component: coreapiVersion: v1
kind: Service
metadata:
name: grafana
namespace: monitor
labels:
app: grafana
component: core
spec:
type: ClusterIP
ports:
- port: 3000
selector:
app: grafana
component: core1.2.5 创建ingress
cat 5.grafana-ingress.yaml
yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: grafana-ingress
namespace: monitor
annotations:
prometheus.io/http_probe: "true"
spec:
ingressClassName: nginx
rules:
- host: grafana.ikubernetes.net
http:
paths:
- pathType: Prefix
backend:
service:
name: grafana
port:
number: 3000
path: /apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: grafana-ingress
namespace: monitor
annotations:
prometheus.io/http_probe: "true"
spec:
ingressClassName: nginx
rules:
- host: grafana.ikubernetes.net
http:
paths:
- pathType: Prefix
backend:
service:
name: grafana
port:
number: 3000
path: /- 效果
默认用户和密码都是admin,首次登录需要修改密码
2. 插件
进入 Grafana Pod 容器内,通过镜像自带的 grafana-cli 工具进行插件的安装
kubectl exec -it grafana-core-66c95d6b5b-pkt6p -n monitor -- /bin/shkubectl exec -it grafana-core-66c95d6b5b-pkt6p -n monitor -- /bin/sh- 常用插件
bash
grafana-cli plugins install grafana-piechart-panel
grafana-cli plugins install camptocamp-prometheus-alertmanager-datasource
grafana-cli plugins install grafana-polystat-panel
grafana-cli plugins install grafana-clock-panel
grafana-cli plugins install mtanda-histogram-panel
grafana-cli plugins install digrich-bubblechart-panelgrafana-cli plugins install grafana-piechart-panel
grafana-cli plugins install camptocamp-prometheus-alertmanager-datasource
grafana-cli plugins install grafana-polystat-panel
grafana-cli plugins install grafana-clock-panel
grafana-cli plugins install mtanda-histogram-panel
grafana-cli plugins install digrich-bubblechart-panel- 重启服务
grafana不支持热更新,的需要重启服务生效
bash
kubectl rollout restart deploy grafana-core -nmonitorkubectl rollout restart deploy grafana-core -nmonitor3. 模版
基于10以上
2.1 k8s
13105