mirror of
https://github.com/prometheus-community/windows_exporter.git
synced 2026-02-08 05:56:37 +00:00
Add HostProcess Container Configuration for k8s
Co-authored-by: Brian Redmond <brianisrunning@gmail.com> Signed-off-by: Brian Redmond <brianisrunning@gmail.com> Signed-off-by: James Sturtevant <jstur@microsoft.com>
This commit is contained in:
James Sturtevant
committed by
James Sturtevant
James Sturtevant
parent
e07b2053af
commit
b450a50103
91
kubernetes/kubernetes.md
Normal file
91
kubernetes/kubernetes.md
Normal file
@@ -0,0 +1,91 @@
|
||||
# windows_exporter on Kubernetes
|
||||
|
||||
With Kubernetes supporting HostProcess containers on Windows nodes (as of [v1.22](https://kubernetes.io/blog/2021/08/16/windows-hostprocess-containers/), it is useful to run the `windows_exporter` as a container on Windows to export metrics for your Prometheus implementation. Read the [Kubernetes HostProcess documentation](https://kubernetes.io/docs/tasks/configure-pod-container/create-hostprocess-pod/) for more information.
|
||||
|
||||
Requirements:
|
||||
|
||||
- Kubernetes 1.22+
|
||||
- containerd 1.6 Beta+
|
||||
- WindowsHostProcessContainers feature-gate turned on for `kube-apiserver` and `kubelet`
|
||||
|
||||
> IMPORTANT: This does not work unless you are specifically targeting Host Process Containers with Containerd (Docker doesn't have support). The image will build but will **not** be able to access the host.
|
||||
|
||||
## Container Image
|
||||
|
||||
The image is multi arch image (WS 2019, WS 2022) built on Windows. To build the images:
|
||||
|
||||
```
|
||||
DOCKER_REPO=<your repo> make push-all
|
||||
```
|
||||
|
||||
If you don't have a version of `make` on your Windows machine, You can use WSL to build the image with Windows Containers by creating a symbolic link to the docker cli and then override the docker command in the `Makefile`:
|
||||
|
||||
On Windows:
|
||||
```
|
||||
Item -ItemType SymbolicLink -Path "c:\docker" -Target "C:\Program Files\Docker\Docker\resources\bin\docker.exe"
|
||||
|
||||
In WSL:
|
||||
```
|
||||
DOCKER_REPO=<your repo> DOCKER=/mnt/c/docker make push-all
|
||||
```
|
||||
|
||||
## Kubernetes Quick Start
|
||||
|
||||
Before beginning you need to deploy the [prometheus operator](https://github.com/prometheus-operator/prometheus-operator) to your cluster. As a quick start, you can use a project like https://github.com/prometheus-operator/kube-prometheus. The export itself doesn't have any dependency on prometheus operator and the exporter image can be used in manual configurations.
|
||||
|
||||
### Windows Exporter DaemonSet
|
||||
|
||||
This create a deployment on every node. A config map is created for to handle the configuration of the Windows exporter with [configuration file](../README.md#using-a-configuration-file). Adjust the configuration file for the collectors you are interested in.
|
||||
|
||||
```bash
|
||||
kubectl apply -f kubernetes/windows-exporter-daemonset.yaml
|
||||
```
|
||||
|
||||
> Note: This example manifest deploys the latest bleeding edge image `ghcr.io/prometheus-community/windows-exporter:latest` built from the main branch. You should update this to use a released version which you can find at https://github.com/prometheus-community/windows_exporter/releases
|
||||
|
||||
#### Configuring the firewall
|
||||
The firewall on the node needs to be configured to allow connections on the node: `New-NetFirewallRule -DisplayName 'windows-exporter' -Direction inbound -Profile Any -Action Allow -LocalPort 9182 -Protocol TCP`
|
||||
|
||||
You could do this by adding an init container but if you remove the deployment at a later date you will need to remove the firewall rule manually. The following could be added to the `windows-exporter-daemonset.yaml`:
|
||||
|
||||
```
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
initContainers:
|
||||
- name: configure-firewall
|
||||
image: mcr.microsoft.com/windows/nanoserver:1809
|
||||
command: ["powershell"]
|
||||
args: ["New-NetFirewallRule", "-DisplayName", "'windows-exporter'", "-Direction", "inbound", "-Profile", "Any", "-Action", "Allow", "-LocalPort", "9182", "-Protocol", "TCP"]
|
||||
```
|
||||
|
||||
### Prometheus PodMonitor
|
||||
|
||||
Create the [Pod Monitor](https://prometheus-operator.dev/docs/operator/design/#podmonitor) to configure the scraping:
|
||||
|
||||
```bash
|
||||
kubectl apply -f windows-exporter-podmonitor.yaml
|
||||
```
|
||||
|
||||
### View Metrics
|
||||
|
||||
Open Prometheus with
|
||||
|
||||
```
|
||||
kubectl --namespace monitoring port-forward svc/prometheus-k8s 9091:9090
|
||||
```
|
||||
|
||||
Navigate to prometheus UI and add a query to see node cpu (replacing with your ip address)
|
||||
|
||||
```
|
||||
sum by (mode) (irate(windows_cpu_time_total{instance="10.1.0.5:9182"}[5m]))
|
||||
```
|
||||
|
||||
|
||||
|
||||
|
||||
## Configuring TLS
|
||||
|
||||
It is possible to configure TLS of the solution using `--web.config.file`. Read more at https://github.com/prometheus/exporter-toolkit/blob/master/docs/web-configuration.md
|
||||
61
kubernetes/windows-exporter-daemonset.yaml
Normal file
61
kubernetes/windows-exporter-daemonset.yaml
Normal file
@@ -0,0 +1,61 @@
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
labels:
|
||||
app: windows-exporter
|
||||
name: windows-exporter
|
||||
namespace: monitoring
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: windows-exporter
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: windows-exporter
|
||||
spec:
|
||||
securityContext:
|
||||
windowsOptions:
|
||||
hostProcess: true
|
||||
runAsUserName: "NT AUTHORITY\\system"
|
||||
hostNetwork: true
|
||||
initContainers:
|
||||
- name: configure-firewall
|
||||
image: mcr.microsoft.com/windows/nanoserver:1809
|
||||
command: ["powershell"]
|
||||
args: ["New-NetFirewallRule", "-DisplayName", "'windows-exporter'", "-Direction", "inbound", "-Profile", "Any", "-Action", "Allow", "-LocalPort", "9182", "-Protocol", "TCP"]
|
||||
containers:
|
||||
- args:
|
||||
- --config.file=%CONTAINER_SANDBOX_MOUNT_POINT%/config.yml
|
||||
name: windows-exporter
|
||||
image: ghcr.io/prometheus-community/windows-exporter:latest
|
||||
imagePullPolicy: Always
|
||||
ports:
|
||||
- containerPort: 9182
|
||||
hostPort: 9182
|
||||
name: http
|
||||
volumeMounts:
|
||||
- name: windows-exporter-config
|
||||
mountPath: /config.yml
|
||||
subPath: config.yml
|
||||
nodeSelector:
|
||||
kubernetes.io/os: windows
|
||||
volumes:
|
||||
- name: windows-exporter-config
|
||||
configMap:
|
||||
name: windows-exporter-config
|
||||
---
|
||||
kind: ConfigMap
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: windows-exporter-config
|
||||
namespace: monitoring
|
||||
labels:
|
||||
app: windows-exporter
|
||||
data:
|
||||
config.yml: |
|
||||
collectors:
|
||||
enabled: '[defaults],container'
|
||||
collector:
|
||||
service:
|
||||
services-where: "Name='containerd' or Name='kubelet'"
|
||||
15
kubernetes/windows-exporter-podmonitor.yaml
Normal file
15
kubernetes/windows-exporter-podmonitor.yaml
Normal file
@@ -0,0 +1,15 @@
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: PodMonitor
|
||||
metadata:
|
||||
labels:
|
||||
app: windows-exporter
|
||||
name: windows-exporter
|
||||
namespace: monitoring
|
||||
spec:
|
||||
jobLabel: windows-exporter
|
||||
selector:
|
||||
matchLabels:
|
||||
app: windows-exporter
|
||||
podMetricsEndpoints:
|
||||
- port: http
|
||||
scheme: http
|
||||
Reference in New Issue
Block a user