kubernetes v1.7.6 升级到kubernetes v1.11.2的 prometheus告警规则问题记录

一.访问prometheus的url改变

v1.7.6

服务

[root@test ~]# kubectl get svc -n kube-system | grep prometheus-monitor
prometheus-monitor      10.14.150.48   10.39.0.116   9090/TCP         363d

访问方式

[root@test-master-113 ~]# curl  -H 'Authorization: Bearer fda3db7e3598f825xxxx'  --insecure https://10.39.0.113:6443/api/v1/proxy/namespaces/kube-system/services/prometheus-monitor:9090/
"/graph">Found.

这里的token是 kubernetes master token(api token)

v1.11.2

服务

[root@master-47-35 test]# kubectl get svc -n kube-system | grep prometheus-monitor
prometheus-monitor         ClusterIP   10.254.19.60    10.39.47.32   9090/TCP        8d

访问方式

[root@master-47-35 test]# curl  -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkZWZhdWx0LXRva2VuLXR2cWo5Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImRlZmF1bHQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIyOWRlMTlhZS1hNzVhLTExZTgtODIzMS01MjU0ZTk4MTkyYWUiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06ZGVmYXVsdCJ9.vlv0WCjmbAmRxhewxXQKkpb4AEwQNu00w-7rGm_G0nHPeGNyHijhnL1H-oQ5gmBfsFA2l13EVcuuVXWbxG2GPlskxt53spyWadbkCsu9L0Kilf4P2SHPaxkx5GMxRx4RxJzT9m2jrJzIKZxZIHR32JQcdjySZaHcDnYbhn8rvQiTwMiQyvn-6A1COG6P22hNRng9oLfbusk41lHb2l5Az2Op3688Zn_V5iK-_E41Kvf35goKxTO9GvOrkGug0vwVBD_1ZA9P4cK3cHXbeQKKchAebwhVaYgV2eftWOFcKvVdYc_iIOrGYtKAiZI3yzUricq_c80lLdG2ALNjTu_NJQ'  --insecure https://10.39.47.35:6443/api/v1/namespaces/kube-system/services/prometheus-monitor:9090/proxy/
"/graph">Found.

需要添加RBAC

有可能会报system:serviceaccount:default没有权限取相关的资源
所以要创建绑定ClusterRole中的cluster-admin角色

[root@master-47-35 prome]# cat default.yaml 
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: default
subjects:
- kind: ServiceAccount
  name: default
  namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: ""

注意 /proxy/ 调换了位置

二. 生成的pod的正则规则改变

v1.7.6

[root@test-master-113 ~]# kubectl get pods -n kube-system 
NAME                                        READY     STATUS        RESTARTS   AGE
alertmanager-1589824335-5k3xl               1/1       Running       0          61d
billing-server-2274020064-fg1rm             1/1       Running       0          138d

纯数字2274020064

正则pod的正则

^%s-[0-9]{5,15}-[0-9a-zA-Z]{5}$

v1.11.2

[root@master-47-35 prome]# kubectl get pods -n kube-system 
NAME                                       READY     STATUS    RESTARTS   AGE
alertmanager-6d477c8678-g7n9k              1/1       Running   0          4d
calico-kube-controllers-65945f849d-nqbz9   1/1       Running   2          17d

有了字母
修改了生成正则65945f849d
匹配正则

^%s-[0-9a-zA-Z]{5,15}-[0-9a-zA-Z]{5}$