Using Self-Built Prometheus to Collect Control Plane Monitoring Metrics
Last updated: 2025-04-29 10:58:03
Using Self-Built Prometheus to Collect Control Plane Monitoring Metrics
Last updated: 2025-04-29 10:58:03
This document introduces the configuration for collecting monitoring metrics of control plane component (kube-apiserver, kube-scheduler, and kube-controller-manager) in a TKE managed cluster by using self-built Prometheus.
Prerequisites
Self-built Prometheus can access API Server of the TKE cluster.
Self-built Prometheus can be deployed inside or outside the TKE cluster.
Prometheus Collection Configuration
When self-built Prometheus is used to collect metrics of core control panel components in a TKE cluster, you need to configure metric collection Jobs first in the Prometheus configuration file prometheus.yaml. The configuration file format is as follows:
global:scrape_interval: 15s # By default, scrape targets every 15 seconds.# A scrape configuration containing exactly one endpoint to scrape:# Here it's Prometheus itself.scrape_configs:# The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.- job_name: kube-apiserver......- job_name: kube-controller-manager......- job_name: kube-scheduler......
Each core component corresponds to a Job. For specific configuration, see the metric list of the corresponding core component. For the method of configuring prometheus.yaml of community Prometheus, see Configuration.
Monitoring Metric Collection Inside a TKE Cluster
Prometheus is deployed in a TKE cluster for monitoring.
kube-apiserver
For more information about the kube-apiserver component, see kube-apiserver component metric descriptions.
scrape_configs:- job_name: kube-apiserverhonor_timestamps: trueparams:component:- apiserverscrape_interval: 15smetrics_path: /master/metricsscheme: httpfollow_redirects: trueenable_http2: truerelabel_configs:- source_labels: [job]separator: ;regex: (.*)target_label: __tmp_prometheus_job_namereplacement: $1action: replace- source_labels: [__meta_kubernetes_service_label_app_kubernetes_io_managed_by,__meta_kubernetes_service_labelpresent_app_kubernetes_io_managed_by]separator: ;regex: (Helm);truereplacement: $1action: keep- source_labels: [__meta_kubernetes_service_label_label_qcloud_app, __meta_kubernetes_service_labelpresent_label_qcloud_app]separator: ;regex: (cluster-monitor);truereplacement: $1action: keep- source_labels: [__meta_kubernetes_service_label_label_qcloud_service, __meta_kubernetes_service_labelpresent_label_qcloud_service]separator: ;regex: (master-metrics-service);truereplacement: $1action: keep- source_labels: [__meta_kubernetes_endpoint_port_name]separator: ;regex: http-metricsreplacement: $1action: keep- source_labels: [__meta_kubernetes_endpoint_address_target_kind, __meta_kubernetes_endpoint_address_target_name]separator: ;regex: Node;(.*)target_label: nodereplacement: ${1}action: replace- source_labels: [__meta_kubernetes_endpoint_address_target_kind, __meta_kubernetes_endpoint_address_target_name]separator: ;regex: Pod;(.*)target_label: podreplacement: ${1}action: replace- source_labels: [__meta_kubernetes_namespace]separator: ;regex: (.*)target_label: namespacereplacement: $1action: replace- source_labels: [__meta_kubernetes_service_name]separator: ;regex: (.*)target_label: servicereplacement: $1action: replace- separator: ;regex: (.*)target_label: endpointreplacement: http-metricsaction: replacemetric_relabel_configs:- source_labels: [pod]separator: ;regex: (.*)target_label: instancereplacement: $1action: replacekubernetes_sd_configs:- role: endpointskubeconfig_file: ""follow_redirects: trueenable_http2: truenamespaces:own_namespace: falsenames:- kube-system
kube-scheduler
For more information about the kube-scheduler component, see kube-scheduler component metric descriptions.
scrape_configs:- job_name: kube-schedulerhonor_labels: truehonor_timestamps: trueparams:component:- schedulerscrape_interval: 30sscrape_timeout: 10smetrics_path: /master/metricsscheme: httpfollow_redirects: trueenable_http2: truerelabel_configs:- source_labels: [job]separator: ;regex: (.*)target_label: __tmp_prometheus_job_namereplacement: $1action: replace- source_labels: [__meta_kubernetes_service_label_app_kubernetes_io_managed_by,__meta_kubernetes_service_labelpresent_app_kubernetes_io_managed_by]separator: ;regex: (Helm);truereplacement: $1action: keep- source_labels: [__meta_kubernetes_service_label_label_qcloud_app, __meta_kubernetes_service_labelpresent_label_qcloud_app]separator: ;regex: (cluster-monitor);truereplacement: $1action: keep- source_labels: [__meta_kubernetes_service_label_label_qcloud_service, __meta_kubernetes_service_labelpresent_label_qcloud_service]separator: ;regex: (master-metrics-service);truereplacement: $1action: keep- source_labels: [__meta_kubernetes_endpoint_port_name]separator: ;regex: http-metricsreplacement: $1action: keep- source_labels: [__meta_kubernetes_endpoint_address_target_kind, __meta_kubernetes_endpoint_address_target_name]separator: ;regex: Node;(.*)target_label: nodereplacement: ${1}action: replace- source_labels: [__meta_kubernetes_endpoint_address_target_kind, __meta_kubernetes_endpoint_address_target_name]separator: ;regex: Pod;(.*)target_label: podreplacement: ${1}action: replace- source_labels: [__meta_kubernetes_namespace]separator: ;regex: (.*)target_label: namespacereplacement: $1action: replace- source_labels: [__meta_kubernetes_service_name]separator: ;regex: (.*)target_label: servicereplacement: $1action: replace- separator: ;regex: (.*)target_label: endpointreplacement: http-metricsaction: replacemetric_relabel_configs:- source_labels: [pod]separator: ;regex: (.*)target_label: instancereplacement: $1action: replacekubernetes_sd_configs:- role: endpointskubeconfig_file: ""follow_redirects: trueenable_http2: truenamespaces:own_namespace: falsenames:- kube-system
kube-controller-manager
For more information about the kube-controller-manager component, see kube-controller-manager component metric descriptions.
scrape_configs:- job_name: kube-controller-managerhonor_labels: truehonor_timestamps: trueparams:component:- controller-managerscrape_interval: 30sscrape_timeout: 10smetrics_path: /master/metricsscheme: httpfollow_redirects: trueenable_http2: truerelabel_configs:- source_labels: [job]separator: ;regex: (.*)target_label: __tmp_prometheus_job_namereplacement: $1action: replace- source_labels: [__meta_kubernetes_service_label_app_kubernetes_io_managed_by,__meta_kubernetes_service_labelpresent_app_kubernetes_io_managed_by]separator: ;regex: (Helm);truereplacement: $1action: keep- source_labels: [__meta_kubernetes_service_label_label_qcloud_app, __meta_kubernetes_service_labelpresent_label_qcloud_app]separator: ;regex: (cluster-monitor);truereplacement: $1action: keep- source_labels: [__meta_kubernetes_service_label_label_qcloud_service, __meta_kubernetes_service_labelpresent_label_qcloud_service]separator: ;regex: (master-metrics-service);truereplacement: $1action: keep- source_labels: [__meta_kubernetes_endpoint_port_name]separator: ;regex: http-metricsreplacement: $1action: keep- source_labels: [__meta_kubernetes_endpoint_address_target_kind, __meta_kubernetes_endpoint_address_target_name]separator: ;regex: Node;(.*)target_label: nodereplacement: ${1}action: replace- source_labels: [__meta_kubernetes_endpoint_address_target_kind, __meta_kubernetes_endpoint_address_target_name]separator: ;regex: Pod;(.*)target_label: podreplacement: ${1}action: replace- source_labels: [__meta_kubernetes_namespace]separator: ;regex: (.*)target_label: namespacereplacement: $1action: replace- source_labels: [__meta_kubernetes_service_name]separator: ;regex: (.*)target_label: servicereplacement: $1action: replace- separator: ;regex: (.*)target_label: endpointreplacement: http-metricsaction: replacemetric_relabel_configs:- source_labels: [pod]separator: ;regex: (.*)target_label: instancereplacement: $1action: replacekubernetes_sd_configs:- role: endpointskubeconfig_file: ""follow_redirects: trueenable_http2: truenamespaces:own_namespace: falsenames:- kube-system
Collecting via ServiceMonitor
apiVersion: monitoring.coreos.com/v1kind: ServiceMonitormetadata:name: master-metrics-exporternamespace: kube-systemspec:endpoints:- honorLabels: trueinterval: 15smetricRelabelings:- action: replacesourceLabels:- podtargetLabel: instanceparams:component:- apiserverpath: /master/metricsport: http-metricsrelabelings:- action: replacereplacement: kube-apiservertargetLabel: job- honorLabels: trueinterval: 15smetricRelabelings:- action: replacesourceLabels:- podtargetLabel: instanceparams:component:- controller-managerpath: /master/metricsport: http-metricsrelabelings:- action: replacereplacement: kube-controller-managertargetLabel: job- honorLabels: trueinterval: 15smetricRelabelings:- action: replacesourceLabels:- podtargetLabel: instanceparams:component:- schedulerpath: /master/metricsport: http-metricsrelabelings:- action: replacereplacement: kube-schedulertargetLabel: jobnamespaceSelector: {}selector:matchLabels:app.kubernetes.io/managed-by: Helmlabel_qcloud_app: cluster-monitorlabel_qcloud_service: master-metrics-service
Monitoring Metric Collection Outside a TKE Cluster
This document takes collection outside a cluster under the same VPC as Prometheus as an example.
Prerequisites
Public network or private network access has been enabled for the target cluster.
Enabling Cross-Cluster Metric Collection
1. Log in to the TKE console, and click Cluster in the left sidebar.
2. Click the ID of the target cluster on the Cluster Management page to enter the cluster details page.
3. Click Add-on management in the left sidebar.
4. Click Update Configuration of the clustermonitor component.
5. Check the option to enable control plane component metric collection outside the cluster on the component configuration update page, and select the container subnet.
Note:
The container subnet cannot be changed after it is selected. If you need to change it, disable the feature of control plane component metric collection outside the cluster first. After the subnet is changed, enable the feature again.
6. Click Complete.
Collection Configuration
For specific operations, see Configuration and Monitoring kubernetes with prometheus from outside of k8s cluster. Compared with the configuration of collection inside the cluster, the kubernetes_sd_configs settings are modified. The configuration method is as follows:
scrape_configs:- job_name: out-tke-apiserverkubernetes_sd_configs:- role: endpointskubeconfig_file: ""follow_redirects: trueenable_http2: truenamespaces:names:- kube-systemnamespaces:names:- kube-systemapi_server: 'https://<KUBERNETES URL>'tls_config:ca_file: /etc/prometheus/kubernetes-ca.crtbearer_token: '<SERVICE ACCOUNT BEARER TOKEN>'scrape_interval: 30s
Verification
1. Log in to the console of self-built Prometheus and switch to the Graph page.
2. Enter
up to check whether all control plane components can be displayed.
3. Enter the following instruction to verify whether API Server is normal:
apiserver_request_total{job="apiserver"}
4. Enter the following instruction to verify whether Scheduler is normal:
rest_client_requests_total{job="scheduler"}
5. Enter the following instruction to verify whether Controller Manager is normal:
rest_client_requests_total{job="controller-manager"}
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No
Feedback