rancher2.4平台导入的k8s集群无法监控etcd解决办法

rancher2.4平台导入的k8s集群无法监控etcd解决办法

user root; worker_processes auto; worker_cpu_affinity auto; worker_rlimit_nofile 65535; error_log logs/error.log warn; pid logs/nginx.pid; events { use epoll; multi_accept on; worker_connections 65535; } { include mime.types; default_type application/octet-stream; server_names_hash_bucket_size 128; client_header_buffer_size 128k; large_client_header_buffers 4 128k; client_max_body_size 600m; client_body_buffer_size 2m; #charset utf-8; sendfile on; tcp_nopush on; keepalive_timeout 60 50; send_timeout 10s; check_shm_size 6m; tcp_nodelay on; server_tokens off; add_header X-Frame-Options SAMEORIGIN; gzip on; gzip_min_length 1k; gzip_buffers 4 16k; gzip_1.1; gzip_comp_level 2; gzip_types text/css; gzip_vary on; proxy_connect_timeout 600; proxy_read_timeout 600; proxy_send_timeout 600; proxy_buffer_size 512k; proxy_buffers 4 512k; proxy_busy_buffers_size 512k; proxy_temp_file_write_size 1024k; server { listen 2379; large_client_header_buffers 4 16k; client_max_body_size 300m; client_body_buffer_size 512k; proxy_connect_timeout 900s; proxy_read_timeout 900s; proxy_send_timeout 900s; proxy_buffer_size 128k; proxy_buffers 4 64k; proxy_busy_buffers_size 128k; proxy_temp_file_write_size 512k; location / { add_header Access-Control-Allow-Origin *; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-Proto https; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Port $server_port; proxy_redirect off; proxy_1.1; proxy_ssl_certificate /etc/etcd/etcd.crt; #这个目录是上面的证书配置文件映射的位置 proxy_ssl_certificate_key /etc/etcd/etcd.key; proxy_ssl_trusted_certificate /etc/etcd/etcd.ca; proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2; proxy_ssl_ciphers HIGH:!aNULL:!MD5; proxy_ssl_verify off; proxy_ssl_verify_depth 2; proxy_ssl_session_reuse on; proxy_pass #这个是真实的etcd地址，三个节点三个地址，分别配置。 } } log_format json '{"@timestamp":"$time_iso8601",' # '"host":"$server_addr",' '"clientip":"$remote_addr",' '"size":$body_bytes_sent,' # '"con_length":"$content_length",' # '"cookie":"$http_cookie",' '"responsetime":$request_time,' '"upstreamtime":"$upstream_response_time",' '"upstreamhost":"$upstream_addr",' '"http_host":"$host",' '"url":"$uri",' '"xff":"$http_x_forwarded_for",' '"referer":"$http_referer",' '"agent":"$http_user_agent",' '"status":"$status"}'; access_log logs/access.log json; }

然后部署三个deployment：

apiVersion: apps/v1 kind: Deployment metadata: name: etcd-master01 namespace: cattle-prometheus spec: selector: matchLabels: app: etcd-metrics01 template: metadata: annotations: field.cattle.io/workloadMetrics: '[{"path":"/metrics","port":2379,"schema":"HTTP"}]' labels: app: etcd-metrics01 spec: containers: - image: images.example.com/images:nginx #替换成自己的nginx镜像，或者公共nginx镜像 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /metrics port: 2379 scheme: HTTP initialDelaySeconds: 10 periodSeconds: 2 successThreshold: 1 timeoutSeconds: 2 name: etcd-master01 readinessProbe: failureThreshold: 3 httpGet: path: /metrics port: 2379 scheme: HTTP initialDelaySeconds: 10 periodSeconds: 2 successThreshold: 2 timeoutSeconds: 2 volumeMounts: - mountPath: /etc/etcd/ #挂载的证书目录，需要和nginx配置中一样 name: etcd-ssl readOnly: true - mountPath: /usr/local/nginx/conf/nginx.conf #nginx配置目录，需要和镜像中nginx的一直。比如yum安装就是在/etc/nginx/nginx.conf中。 name: nginx subPath: nginx.conf imagePullSecrets: - name: docker volumes: - configMap: defaultMode: 256 name: etcd-ssl optional: false name: etcd-ssl - configMap: defaultMode: 256 name: nginx-etcd01 optional: false name: nginx

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。