[TOC] kube-state-metrics 是关于在不修改的情况下从 `Kubernetes API` 对象生成指标。这确保了 `kube-state-metrics` 提供的特性与 Kubernetes API 对象本身具有相同等级的稳定性。反过来，这意味着 `kube-state-metrics` 在某些情况下可能不会显示与 kubectl 完全相同的值，因为 kubectl 应用某些启发式方法来显示可理解的消息。`kube-state-metrics` 公开了未经 `Kubernetes API` 修改的原始数据，这样用户就拥有了他们需要的所有数据，并在他们认为合适的时候执行启发式算法。 ## 版本兼容性  ## 部署安装 1.rbac清单文件 ```yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/version: 2.3.0 name: kube-state-metrics rules: - apiGroups: - "" resources: - configmaps - secrets - nodes - pods - services - resourcequotas - replicationcontrollers - limitranges - persistentvolumeclaims - persistentvolumes - namespaces - endpoints verbs: - list - watch - apiGroups: - apps resources: - statefulsets - daemonsets - deployments - replicasets verbs: - list - watch - apiGroups: - batch resources: - cronjobs - jobs verbs: - list - watch - apiGroups: - autoscaling resources: - horizontalpodautoscalers verbs: - list - watch - apiGroups: - authentication.k8s.io resources: - tokenreviews verbs: - create - apiGroups: - authorization.k8s.io resources: - subjectaccessreviews verbs: - create - apiGroups: - policy resources: - poddisruptionbudgets verbs: - list - watch - apiGroups: - certificates.k8s.io resources: - certificatesigningrequests verbs: - list - watch - apiGroups: - storage.k8s.io resources: - storageclasses - volumeattachments verbs: - list - watch - apiGroups: - admissionregistration.k8s.io resources: - mutatingwebhookconfigurations - validatingwebhookconfigurations verbs: - list - watch - apiGroups: - networking.k8s.io resources: - networkpolicies - ingresses verbs: - list - watch - apiGroups: - coordination.k8s.io resources: - leases verbs: - list - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/version: 2.3.0 name: kube-state-metrics roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: kube-state-metrics subjects: - kind: ServiceAccount name: kube-state-metrics namespace: kube-mon --- apiVersion: v1 kind: ServiceAccount metadata: labels: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/version: 2.3.0 name: kube-state-metrics namespace: kube-mon ``` 2.deployment清单文件 ```yaml apiVersion: apps/v1 kind: Deployment metadata: labels: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/version: 2.3.0 name: kube-state-metrics namespace: kube-mon spec: replicas: 1 selector: matchLabels: app.kubernetes.io/name: kube-state-metrics template: metadata: labels: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/version: 2.3.0 spec: containers: - image: bitnami/kube-state-metrics:2.3.0 livenessProbe: httpGet: path: /healthz port: 8080 initialDelaySeconds: 5 timeoutSeconds: 5 name: kube-state-metrics ports: - containerPort: 8080 name: http-metrics - containerPort: 8081 name: telemetry readinessProbe: httpGet: path: / port: 8081 initialDelaySeconds: 5 timeoutSeconds: 5 securityContext: runAsUser: 65534 nodeSelector: kubernetes.io/os: linux serviceAccountName: kube-state-metrics ``` 3.service清单文件 ```yaml apiVersion: v1 kind: Service metadata: labels: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/version: 2.3.0 name: kube-state-metrics namespace: kube-mon spec: clusterIP: None ports: - name: http-metrics port: 8080 targetPort: http-metrics - name: telemetry port: 8081 targetPort: telemetry selector: app.kubernetes.io/name: kube-state-metrics ``` 4.创建相关资源 ```shell $ kubectl apply -f rbac.yml clusterrole.rbac.authorization.k8s.io/kube-state-metrics created clusterrolebinding.rbac.authorization.k8s.io/kube-state-metrics created serviceaccount/kube-state-metrics created $ kubectl apply -f deploy.yml deployment.apps/kube-state-metrics created $ kubectl apply -f service.yml service/kube-state-metrics created ``` 5.验证 ```shell $ kubectl -n kube-system get pod -l app.kubernetes.io/name=kube-state-metrics NAME READY STATUS RESTARTS AGE kube-state-metrics-6544d5656d-sjnhh 1/1 Running 0 53m $ kubectl -n kube-system get endpoints kube-state-metrics NAME ENDPOINTS AGE kube-state-metrics 20.0.32.184:8081,20.0.32.184:8080 54m $ curl -s 20.0.32.184:8080/metrics | head -20 # HELP kube_certificatesigningrequest_annotations Kubernetes annotations converted to Prometheus labels. # TYPE kube_certificatesigningrequest_annotations gauge # HELP kube_certificatesigningrequest_labels Kubernetes labels converted to Prometheus labels. # TYPE kube_certificatesigningrequest_labels gauge # HELP kube_certificatesigningrequest_created Unix creation timestamp # TYPE kube_certificatesigningrequest_created gauge # HELP kube_certificatesigningrequest_condition The number of each certificatesigningrequest condition # TYPE kube_certificatesigningrequest_condition gauge # HELP kube_certificatesigningrequest_cert_length Length of the issued cert # TYPE kube_certificatesigningrequest_cert_length gauge # HELP kube_configmap_annotations Kubernetes annotations converted to Prometheus labels. # TYPE kube_configmap_annotations gauge kube_configmap_annotations{namespace="kube-mon",configmap="alertmanager-config"} 1 kube_configmap_annotations{namespace="kube-mon",configmap="prometheus-config"} 1 kube_configmap_annotations{namespace="kube-system",configmap="cert-manager-cainjector-leader-election"} 1 kube_configmap_annotations{namespace="kube-system",configmap="extension-apiserver-authentication"} 1 kube_configmap_annotations{namespace="kube-system",configmap="cert-manager-controller"} 1 kube_configmap_annotations{namespace="kube-mon",configmap="etcd-certs"} 1 kube_configmap_annotations{namespace="kube-system",configmap="coredns"} 1 kube_configmap_annotations{namespace="kube-system",configmap="calico-config"} 1 ``` 6.监控获取指标 ```yaml - job_name: "kube-state-metrics" kubernetes_sd_configs: - role: endpoints relabel_configs: - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_endpoints_name, __meta_kubernetes_endpoint_port_name] action: keep regex: kube-mon;kube-state-metrics;http-metrics ``` > 需要重新加载Prometheus配置文件 7.查看Prometheus的targets  ## 参考 https://github.com/kubernetes/kube-state-metrics#kubernetes-deployment