我正在尝试为我的 Kubernetes 集群设置 AlertManager。我已遵循此文档(https://github.com/coreos/prometheus-operator/blob/master/Documentation/user-guides/getting-started.md)-> 一切正常。
为了设置 AlertManager,我正在研究这个文档(https://github.com/coreos/prometheus-operator/blob/master/Documentation/user-guides/alerting.md)
我得到了CrashLoopBackOfffor alertmanager-example-0。请检查随附的日志:
第一张图片:$ kubectl logs -f prometheus-operator-88fcf6d95-zctgw -n monitoring
第二张图片:$ kubectl describe pod alertmanager-example-0
谁能指出我做错了什么?提前致谢。
听起来您有一个问题,即警报管理器 pod 使用的RBAC和服务帐户( system:serviceaccount:monitoring:prometheus-operator) 没有足够的权限与 kube-apiserver 通信。
在您的 Prometheus Operator 的情况下,ClusterRoleBindingprometheus-operator如下所示:
$ kubectl get clusterrolebinding prometheus-operator -o=yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app: prometheus-operator
name: prometheus-operator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: prometheus-operator
subjects:
- kind: ServiceAccount
name: prometheus-operator
namespace: monitoring
更重要的是,ClusterRole应该看起来像这样:
$ kubectl get clusterrole prometheus-operator -o=yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app: prometheus-operator
name: prometheus-operator
rules:
- apiGroups:
- extensions
resources:
- thirdpartyresources
verbs:
- '*'
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- '*'
- apiGroups:
- monitoring.coreos.com
resources:
- alertmanager
- alertmanagers
- prometheus
- prometheuses
- service-monitor
- servicemonitors
- prometheusrules
verbs:
- '*'
- apiGroups:
- apps
resources:
- statefulsets
verbs:
- '*'
- apiGroups:
- ""
resources:
- configmaps
- secrets
verbs:
- '*'
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- delete
- apiGroups:
- ""
resources:
- services
- endpoints
verbs:
- get
- create
- update
- apiGroups:
- ""
resources:
- nodes
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- namespaces
verbs:
- list
- watch