coreos/kube-prometheus - unable to set up ingress with a whitelisted IP

Time: 2020-04-17 11:10:39

Tags: kubernetes kubernetes-ingress jsonnet

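I have the basic setup of coreos/kube-prometheus as it is, and now I am trying to add additional configuration for external access points for Prometheus, Grafana and Alertmanager with a whitelisted IP, e.g. accessing (my ip)/prometheus from a specific IP. I am just starting out with Kubernetes, so I have no idea what I am doing.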

This is the configuration I have now with coreos/kube-prometheus:

  local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
  local secret = k.core.v1.secret;
  local ingress = k.extensions.v1beta1.ingress;
  local ingressTls = ingress.mixin.spec.tlsType;
  local ingressRule = ingress.mixin.spec.rulesType;
  local httpIngressPath = ingressRule.mixin.http.pathsType;

  local kp =
    (import 'kube-prometheus/kube-prometheus.libsonnet') +
    // Uncomment the following imports to enable its patches
    // (import 'kube-prometheus/kube-prometheus-anti-affinity.libsonnet') +
    // (import 'kube-prometheus/kube-prometheus-managed-cluster.libsonnet') +
    // (import 'kube-prometheus/kube-prometheus-node-ports.libsonnet') +
    // (import 'kube-prometheus/kube-prometheus-static-etcd.libsonnet') +
    // (import 'kube-prometheus/kube-prometheus-thanos-sidecar.libsonnet') +
    {
      _config+:: {
        namespace: 'monitoring',
        grafana+:: {
          config+: {
            sections+: {
              server+: {
                root_url: 'http://localhost/grafana',
              },
            },
          },
        },
      },
      alertmanager+:: {
        alertmanager+: {
          spec+: {
            externalUrl: 'http://localhost/alert',
            routePrefix: '/alert'
          },
        },
      },
      prometheus+:: {
        prometheus+: {
          spec+: {
            externalUrl: 'http://localhost/prometheus',
            routePrefix: '/prometheus'
          },
        },
      },

      // Create ingress objects per application
      ingress+:: {
        'alertmanager-main':
          ingress.new() +
          ingress.mixin.metadata.withName('alertmanager-main') +
          ingress.mixin.metadata.withNamespace($._config.namespace) +
          ingress.mixin.metadata.withAnnotations({
            'ingress.kubernetes.io/whitelist-source-range': 'my ip/32'
          }) +
          ingress.mixin.spec.withRules(
            ingressRule.new() +
            ingressRule.mixin.http.withPaths(
              httpIngressPath.new() +
              httpIngressPath.mixin.backend.withServiceName('alertmanager-main') +
              httpIngressPath.mixin.backend.withServicePort('web')
            ),
          ),
        grafana:
          ingress.new() +
          ingress.mixin.metadata.withName('grafana') +
          ingress.mixin.metadata.withNamespace($._config.namespace) +
          ingress.mixin.metadata.withAnnotations({
            'ingress.kubernetes.io/whitelist-source-range': 'my ip/32'
          }) +
          ingress.mixin.spec.withRules(
            ingressRule.new() +
            ingressRule.mixin.http.withPaths(
              httpIngressPath.new() +
              httpIngressPath.mixin.backend.withServiceName('grafana') +
              httpIngressPath.mixin.backend.withServicePort('http')
            ),
          ),
        'prometheus-k8s':
          ingress.new() +
          ingress.mixin.metadata.withName('prometheus-k8s') +
          ingress.mixin.metadata.withNamespace($._config.namespace) +
          ingress.mixin.metadata.withAnnotations({
            'ingress.kubernetes.io/whitelist-source-range': 'my ip/32'
          }) +
          ingress.mixin.spec.withRules(
            ingressRule.new() +
            ingressRule.mixin.http.withPaths(
              httpIngressPath.new() +
              httpIngressPath.withPath("/prometheus") +
              httpIngressPath.mixin.backend.withServiceName('prometheus-k8s') +
              httpIngressPath.mixin.backend.withServicePort('web')
            ),
          ),
      },
    };

  { ['setup/0namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
  {
    ['setup/prometheus-operator-' + name]: kp.prometheusOperator[name]
    for name in std.filter((function(name) name != 'serviceMonitor'), std.objectFields(kp.prometheusOperator))
  } +
  // serviceMonitor is separated so that it can be created after the CRDs are ready
  { 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } +
  { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
  { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
  { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
  { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
  { ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } +
  { ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } +
  { [name + '-ingress']: kp.ingress[name] for name in std.objectFields(kp.ingress) }     

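Then I compile it, which gives me the YAML output that I can apply to Kubernetes, and then I check kubectl describe ing prometheus-k8s -n monitoring, which shows:

[Image: output of kubectl describe ing prometheus-k8s -n monitoring]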

When I try to access http://localhost/prometheus, nothing happens. I have no idea what I am doing, and I don't know how to access the service endpoints. Can anyone help me?

0 answers:

No answers