引言
随着云原生技术的快速发展,现代应用架构变得越来越复杂,微服务、容器化部署、动态扩缩容等特性使得传统的监控方式难以满足需求。构建一个完整的云原生监控体系成为了企业数字化转型的关键环节。
本文将详细介绍如何基于Prometheus、Grafana和Loki构建一套完整的云原生监控解决方案,涵盖指标监控、日志收集和告警管理三个核心维度,为读者提供从架构设计到生产部署的完整实践指南。
云原生监控体系概述
监控体系的核心要素
现代云原生监控体系通常包含三个核心维度:
- 指标监控(Metrics):通过Prometheus等时序数据库收集系统性能指标
- 日志监控(Logs):通过Loki等日志聚合系统收集和分析应用日志
- 告警管理(Alerting):基于监控数据触发告警,实现故障及时发现和响应
Prometheus在云原生监控中的作用
Prometheus作为云原生生态系统的核心监控工具,具有以下优势:
- 多维数据模型,支持丰富的指标类型
- 强大的查询语言PromQL
- 自动服务发现机制
- 与Kubernetes集成良好
- 生态系统完善,支持多种Exporter
Prometheus监控体系搭建
基础环境准备
在开始部署之前,我们需要准备以下环境:
# 创建监控目录结构
mkdir -p /opt/prometheus/{config,data,rule}
# 创建配置文件目录
mkdir -p /etc/prometheus/rules
Prometheus核心配置文件
# /etc/prometheus/prometheus.yml
global:
scrape_interval: 15s
evaluation_interval: 15s
external_labels:
monitor: "cloud-native-monitor"
scrape_configs:
# Scrape Prometheus itself
- job_name: 'prometheus'
static_configs:
- targets: ['localhost:9090']
# Scrape node exporter
- job_name: 'node-exporter'
static_configs:
- targets: ['node-exporter:9100']
# Scrape Kube-state-metrics
- job_name: 'kube-state-metrics'
static_configs:
- targets: ['kube-state-metrics:8080']
# Scrape Kubernetes apiserver
- job_name: 'kubernetes-apiservers'
kubernetes_sd_configs:
- role: endpoints
scheme: https
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
relabel_configs:
- source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
action: keep
regex: default;kubernetes;https
# Scrape applications
- job_name: 'application-metrics'
kubernetes_sd_configs:
- role: pod
relabel_configs:
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
action: keep
regex: true
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
action: replace
target_label: __metrics_path__
regex: (.+)
- source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
action: replace
target_label: __address__
regex: ([^:]+)(?::\d+)?;(\d+)
replacement: $1:$2
部署Prometheus服务
# prometheus-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: prometheus
namespace: monitoring
spec:
replicas: 1
selector:
matchLabels:
app: prometheus
template:
metadata:
labels:
app: prometheus
spec:
containers:
- name: prometheus
image: prom/prometheus:v2.37.0
args:
- '--config.file=/etc/prometheus/prometheus.yml'
- '--storage.tsdb.path=/prometheus/'
- '--web.console.libraries=/etc/prometheus/console_libraries'
- '--web.console.templates=/etc/prometheus/consoles'
ports:
- containerPort: 9090
volumeMounts:
- name: config-volume
mountPath: /etc/prometheus
- name: data-volume
mountPath: /prometheus
volumes:
- name: config-volume
configMap:
name: prometheus-config
- name: data-volume
persistentVolumeClaim:
claimName: prometheus-pvc
---
apiVersion: v1
kind: Service
metadata:
name: prometheus
namespace: monitoring
spec:
selector:
app: prometheus
ports:
- port: 9090
targetPort: 9090
type: ClusterIP
配置Prometheus规则文件
# /etc/prometheus/rules/application-alerts.yml
groups:
- name: application-health
rules:
- alert: HighCPUUsage
expr: rate(container_cpu_usage_seconds_total{container!="POD",container!=""}[5m]) > 0.8
for: 5m
labels:
severity: warning
annotations:
summary: "High CPU usage detected"
description: "Container {{ $labels.container }} on {{ $labels.instance }} has CPU usage above 80% for 5 minutes"
- alert: HighMemoryUsage
expr: container_memory_usage_bytes{container!="POD",container!=""} > 1073741824
for: 5m
labels:
severity: warning
annotations:
summary: "High memory usage detected"
description: "Container {{ $labels.container }} on {{ $labels.instance }} has memory usage above 1GB"
- alert: ServiceDown
expr: up{job="application-metrics"} == 0
for: 1m
labels:
severity: critical
annotations:
summary: "Service is down"
description: "Service {{ $labels.job }} is down for more than 1 minute"
Grafana可视化配置
Grafana基础部署
# grafana-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: grafana
namespace: monitoring
spec:
replicas: 1
selector:
matchLabels:
app: grafana
template:
metadata:
labels:
app: grafana
spec:
containers:
- name: grafana
image: grafana/grafana-enterprise:9.4.7
ports:
- containerPort: 3000
env:
- name: GF_SECURITY_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: grafana-secret
key: admin-password
volumeMounts:
- name: grafana-storage
mountPath: /var/lib/grafana
volumes:
- name: grafana-storage
persistentVolumeClaim:
claimName: grafana-pvc
---
apiVersion: v1
kind: Service
metadata:
name: grafana
namespace: monitoring
spec:
selector:
app: grafana
ports:
- port: 3000
targetPort: 3000
type: ClusterIP
Grafana数据源配置
在Grafana中添加Prometheus数据源:
{
"name": "Prometheus",
"type": "prometheus",
"url": "http://prometheus:9090",
"access": "proxy",
"isDefault": true,
"jsonData": {
"httpMethod": "POST"
}
}
关键监控仪表板设计
系统资源监控仪表板
{
"dashboard": {
"title": "System Resource Overview",
"panels": [
{
"type": "graph",
"title": "CPU Usage",
"targets": [
{
"expr": "100 - (avg by(instance) (rate(node_cpu_seconds_total{mode='idle'}[5m])) * 100)",
"legendFormat": "{{instance}}"
}
]
},
{
"type": "graph",
"title": "Memory Usage",
"targets": [
{
"expr": "(node_memory_bytes_total - node_memory_bytes_free) / node_memory_bytes_total * 100",
"legendFormat": "{{instance}}"
}
]
},
{
"type": "graph",
"title": "Disk I/O",
"targets": [
{
"expr": "rate(node_disk_io_time_seconds_total[5m])",
"legendFormat": "{{instance}}-{{device}}"
}
]
}
]
}
}
应用服务监控仪表板
{
"dashboard": {
"title": "Application Service Monitoring",
"panels": [
{
"type": "graph",
"title": "Request Rate",
"targets": [
{
"expr": "rate(http_requests_total[5m])",
"legendFormat": "{{job}}-{{handler}}"
}
]
},
{
"type": "graph",
"title": "Response Time",
"targets": [
{
"expr": "histogram_quantile(0.95, sum(rate(http_request_duration_seconds_bucket[5m])) by (le, job))",
"legendFormat": "{{job}}"
}
]
},
{
"type": "graph",
"title": "Error Rate",
"targets": [
{
"expr": "rate(http_requests_total{status=~\"5..\"}[5m]) / rate(http_requests_total[5m]) * 100",
"legendFormat": "{{job}}"
}
]
}
]
}
}
Loki日志聚合系统
Loki架构设计
Loki采用"日志聚合"而非"日志索引"的设计理念,通过以下组件构建完整的日志处理链路:
- Loki Server:日志收集和存储核心组件
- Promtail:日志采集代理,部署在每个节点上
- Boltdb-Shipper:长期存储后端
- Grafana:日志查询和可视化界面
Promtail配置文件
# /etc/promtail/promtail.yaml
server:
http_listen_port: 9080
grpc_listen_port: 0
positions:
filename: /tmp/positions.yaml
clients:
- url: http://loki:3100/loki/api/v1/push
scrape_configs:
- job_name: system
static_configs:
- targets:
- localhost
labels:
job: systemd-journal
__path__: /var/log/journal/*.log
- job_name: kubernetes-pods
kubernetes_sd_configs:
- role: pod
relabel_configs:
- source_labels: [__meta_kubernetes_pod_annotation_promtail_io_config]
action: keep
regex: true
- source_labels: [__meta_kubernetes_namespace]
action: replace
target_label: namespace
- source_labels: [__meta_kubernetes_pod_name]
action: replace
target_label: pod
- source_labels: [__meta_kubernetes_pod_container_name]
action: replace
target_label: container
- action: replace
replacement: $1
source_labels: [__meta_kubernetes_pod_annotation_promtail_io_config]
target_label: config
- job_name: application-logs
kubernetes_sd_configs:
- role: pod
pipeline_stages:
- docker: {}
relabel_configs:
- source_labels: [__meta_kubernetes_pod_annotation_log_format]
action: keep
regex: json
- source_labels: [__meta_kubernetes_namespace]
action: replace
target_label: namespace
- source_labels: [__meta_kubernetes_pod_name]
action: replace
target_label: pod
- source_labels: [__meta_kubernetes_pod_container_name]
action: replace
target_label: container
Loki服务部署
# loki-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: loki
namespace: monitoring
spec:
replicas: 1
selector:
matchLabels:
app: loki
template:
metadata:
labels:
app: loki
spec:
containers:
- name: loki
image: grafana/loki:2.7.4
args:
- "-config.file=/etc/loki/config.yaml"
ports:
- containerPort: 3100
volumeMounts:
- name: config-volume
mountPath: /etc/loki
- name: data-volume
mountPath: /data
volumes:
- name: config-volume
configMap:
name: loki-config
- name: data-volume
persistentVolumeClaim:
claimName: loki-pvc
---
apiVersion: v1
kind: Service
metadata:
name: loki
namespace: monitoring
spec:
selector:
app: loki
ports:
- port: 3100
targetPort: 3100
type: ClusterIP
Loki配置文件
# /etc/loki/config.yaml
auth_enabled: false
server:
http_listen_port: 3100
common:
path_prefix: /tmp/loki
storage:
filesystem:
chunks_directory: /tmp/loki/chunks
rules_directory: /tmp/loki/rules
replication_factor: 1
ring:
kvstore:
store: inmemory
schema_config:
configs:
- from: 2020-05-15
store: boltdb
object_store: filesystem
schema: v11
index:
prefix: index_
period: 168h
ruler:
alertmanager_url: http://alertmanager:9093
告警策略设计与管理
告警规则最佳实践
关键业务指标告警
# /etc/prometheus/rules/business-alerts.yml
groups:
- name: business-metrics
rules:
# 订单成功率告警
- alert: LowOrderSuccessRate
expr: rate(order_processed_total{status="success"}[1h]) / rate(order_processed_total[1h]) < 0.95
for: 10m
labels:
severity: critical
annotations:
summary: "Low order success rate"
description: "Order success rate dropped below 95% for more than 10 minutes"
# 用户活跃度告警
- alert: LowUserActivity
expr: rate(user_login_total[1h]) < 100
for: 30m
labels:
severity: warning
annotations:
summary: "Low user activity"
description: "User login count below 100 per hour for more than 30 minutes"
# 支付成功率告警
- alert: LowPaymentSuccessRate
expr: rate(payment_processed_total{status="success"}[5m]) / rate(payment_processed_total[5m]) < 0.98
for: 5m
labels:
severity: critical
annotations:
summary: "Low payment success rate"
description: "Payment success rate dropped below 98% for more than 5 minutes"
基础设施告警
# /etc/prometheus/rules/infrastructure-alerts.yml
groups:
- name: infrastructure-health
rules:
# 集群节点状态告警
- alert: NodeDown
expr: up{job="node-exporter"} == 0
for: 1m
labels:
severity: critical
annotations:
summary: "Node down"
description: "Node {{ $labels.instance }} has been down for more than 1 minute"
# 磁盘空间告警
- alert: HighDiskUsage
expr: (node_filesystem_size_bytes{mountpoint="/"} - node_filesystem_free_bytes{mountpoint="/"}) / node_filesystem_size_bytes{mountpoint="/"} > 0.8
for: 10m
labels:
severity: warning
annotations:
summary: "High disk usage"
description: "Disk usage on {{ $labels.instance }} is above 80% for more than 10 minutes"
# 内存不足告警
- alert: HighMemoryUsage
expr: (node_memory_bytes_total - node_memory_bytes_free) / node_memory_bytes_total > 0.9
for: 5m
labels:
severity: critical
annotations:
summary: "High memory usage"
description: "Memory usage on {{ $labels.instance }} is above 90% for more than 5 minutes"
Alertmanager配置
# /etc/alertmanager/config.yml
global:
resolve_timeout: 5m
smtp_hello: localhost
smtp_require_tls: false
route:
group_by: ['alertname']
group_wait: 30s
group_interval: 5m
repeat_interval: 1h
receiver: 'webhook'
receivers:
- name: 'webhook'
webhook_configs:
- url: 'http://alert-webhook:8080/webhook'
send_resolved: true
- name: 'email'
email_configs:
- to: 'ops@company.com'
from: 'monitoring@company.com'
smarthost: 'smtp.company.com:587'
send_resolved: true
inhibit_rules:
- source_match:
severity: 'critical'
target_match:
severity: 'warning'
equal: ['alertname', 'dev', 'instance']
告警抑制机制
# 告警抑制规则配置
inhibit_rules:
# 当出现服务完全不可用时,抑制相关的性能告警
- source_match:
alertname: 'ServiceDown'
target_match:
alertname: 'HighCPUUsage'
equal: ['job']
# 当出现节点宕机时,抑制该节点上的所有告警
- source_match:
alertname: 'NodeDown'
target_match:
severity: 'warning'
equal: ['instance']
生产级部署最佳实践
高可用性配置
# Prometheus高可用配置示例
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: prometheus-ha
spec:
serviceName: prometheus-ha
replicas: 2
selector:
matchLabels:
app: prometheus-ha
template:
metadata:
labels:
app: prometheus-ha
spec:
containers:
- name: prometheus
image: prom/prometheus:v2.37.0
args:
- '--config.file=/etc/prometheus/prometheus.yml'
- '--storage.tsdb.path=/prometheus/'
- '--web.enable-lifecycle'
- '--storage.tsdb.retention.time=15d'
ports:
- containerPort: 9090
volumeMounts:
- name: config-volume
mountPath: /etc/prometheus
- name: data-volume
mountPath: /prometheus
volumes:
- name: config-volume
configMap:
name: prometheus-ha-config
性能优化配置
# Prometheus性能优化配置
global:
scrape_interval: 30s
evaluation_interval: 30s
storage:
tsdb:
retention.time: 15d
max_block_duration: 2h
min_block_duration: 2h
no_lockfile: true
allow_overlapping_blocks: false
query:
max_samples: 50000000
timeout: 2m
安全配置
# 基于RBAC的安全配置
apiVersion: v1
kind: ServiceAccount
metadata:
name: prometheus
namespace: monitoring
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: prometheus
rules:
- apiGroups: [""]
resources:
- nodes
- nodes/proxy
- services
- endpoints
- pods
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: prometheus
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: prometheus
subjects:
- kind: ServiceAccount
name: prometheus
namespace: monitoring
监控系统运维与维护
常规监控指标巡检
#!/bin/bash
# 监控系统健康检查脚本
echo "=== Prometheus Health Check ==="
curl -s http://prometheus:9090/-/healthy | grep -q "healthy" && echo "Prometheus is healthy" || echo "Prometheus is unhealthy"
echo "=== Grafana Health Check ==="
curl -s http://grafana:3000/api/health | grep -q "ok" && echo "Grafana is healthy" || echo "Grafana is unhealthy"
echo "=== Loki Health Check ==="
curl -s http://loki:3100/ready | grep -q "ready" && echo "Loki is ready" || echo "Loki is not ready"
echo "=== Alertmanager Health Check ==="
curl -s http://alertmanager:9093/-/healthy | grep -q "healthy" && echo "Alertmanager is healthy" || echo "Alertmanager is unhealthy"
数据备份与恢复
# 备份策略配置
apiVersion: batch/v1
kind: CronJob
metadata:
name: prometheus-backup
spec:
schedule: "0 2 * * *"
jobTemplate:
spec:
template:
spec:
containers:
- name: backup
image: alpine:latest
command:
- /bin/sh
- -c
- |
mkdir -p /backup/prometheus
tar -czf /backup/prometheus/$(date +%Y%m%d-%H%M%S).tar.gz /prometheus/data
# 上传到云存储
aws s3 cp /backup/prometheus/ s3://my-monitoring-backup/prometheus/ --recursive
restartPolicy: OnFailure
总结与展望
通过本文的详细介绍,我们构建了一个完整的云原生监控体系,涵盖了指标监控、日志收集和告警管理三个核心维度。该架构具有以下特点:
- 高可用性:通过多副本部署和负载均衡实现系统高可用
- 可扩展性:基于Kubernetes的容器化部署支持动态扩缩容
- 易维护性:标准化配置和自动化运维减少人工干预
- 安全性:完善的权限控制和访问管理机制
未来随着云原生技术的发展,监控体系还需要在以下方面持续优化:
- 引入AI/ML能力实现智能告警和根因分析
- 支持更多类型的监控数据源和指标类型
- 提升跨集群、跨云的统一监控能力
- 加强与DevOps流程的深度集成
通过构建这样的全栈监控体系,企业能够更好地保障应用稳定运行,提升运维效率,为业务发展提供强有力的技术支撑。
评论 (0)