1、创建用户角色权限
bash
vi z-categraf-monitor-rbac.yaml
bash
apiVersion: v1
kind: ServiceAccount
metadata:
name: z-categraf-monitor
namespace: z-monitor
labels:
app: categraf
purpose: cadvisor-monitor
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: z-categraf-monitor-clusterrole
labels:
app: categraf
purpose: cadvisor-monitor
rules:
- nonResourceURLs:
- "/metrics/cadvisor"
- "/stats/summary"
- "/pods"
- "/nodes/proxy/metrics/cadvisor"
verbs: ["get"]
- apiGroups: [""]
resources:
- "nodes"
- "nodes/metrics"
- "nodes/stats"
- "nodes/proxy"
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: z-categraf-monitor-clusterrolebinding
labels:
app: categraf
purpose: cadvisor-monitor
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: z-categraf-monitor-clusterrole
subjects:
- kind: ServiceAccount
name: z-categraf-monitor
namespace: z-monitor
bash
kubectl apply -f z-categraf-monitor-rbac.yaml2、获取token
bash
# 提取Token
SECRET_NAME=$(kubectl get sa z-categraf-monitor -n z-monitor -o jsonpath='{.secrets[0].name}')
VALID_TOKEN=$(kubectl get secret $SECRET_NAME -n z-monitor -o jsonpath='{.data.token}' | base64 -d)
# 将Token写入文件
echo "$VALID_TOKEN" > /data/zz/z-categraf-monitor.token3、每个节点配置 categraf/conf/input.cadvisor/cim-pord-cadvisor.toml
bash
vi cim-pord-cadvisor.toml
bash
# # collect interval
interval = 15
[[instances]]
url = "https://127.0.0.1:10250"
type = "kubelet"
bearer_token_string = "eyxxxxx"
ignore_label_keys = ["id","name", "container_label*"]
insecure_skip_verify = true
use_tls = true
container_exclude = ["^POD$"]
# ignore_label_keys = ["id","name", "container_label*"]
## choose_label_keys = ["id"]
timeout = "15s"# # collect interval