1.2.2. 启用可观察性
通过创建一个 MultiClusterObservability 自定义资源(CR)实例来启用可观察性服务。在启用可观察性前,请参阅 Observability pod 容量请求 以了解更多信息。完成以下步骤以启用可观察服务:
- 登录到您的 Red Hat Advanced Cluster Management hub 集群。
使用以下命令,为可观察服务创建一个命名空间:
oc create namespace open-cluster-management-observability
生成 pull-secret。如果在
open-cluster-management命名空间中安装了 Red Hat Advanced Cluster Management,请运行以下命令:DOCKER_CONFIG_JSON=`oc extract secret/multiclusterhub-operator-pull-secret -n open-cluster-management --to=-`
如果命名空间中没有定义
multiclusterhub-operator-pull-secret,将openshift-config命名空间中的pull-secret复制到open-cluster-management-observability命名空间中。运行以下命令:DOCKER_CONFIG_JSON=`oc extract secret/pull-secret -n openshift-config --to=-`
然后,在
open-cluster-management-observability命名空间中创建 pull-secret,运行以下命令:oc create secret generic multiclusterhub-operator-pull-secret \ -n open-cluster-management-observability \ --from-literal=.dockerconfigjson="$DOCKER_CONFIG_JSON" \ --type=kubernetes.io/dockerconfigjson为您的云供应商的对象存储创建 secret。您的 secret 必须包含存储解决方案的凭证。例如,运行以下命令:
oc create -f thanos-object-storage.yaml -n open-cluster-management-observability
查看以下受支持对象存储的 secret 示例:
对于 Red Hat Advanced Cluster Management,您的 secret 可能类似以下文件:
apiVersion: v1 kind: Secret metadata: name: thanos-object-storage namespace: open-cluster-management-observability type: Opaque stringData: thanos.yaml: | type: s3 config: bucket: YOUR_S3_BUCKET endpoint: YOUR_S3_ENDPOINT insecure: true access_key: YOUR_ACCESS_KEY secret_key: YOUR_SECRET_KEY对于 Amazon S3 或 S3 兼容,您的 secret 可能类似以下文件:
apiVersion: v1 kind: Secret metadata: name: thanos-object-storage namespace: open-cluster-management-observability type: Opaque stringData: thanos.yaml: | type: s3 config: bucket: YOUR_S3_BUCKET endpoint: YOUR_S3_ENDPOINT insecure: true access_key: YOUR_ACCESS_KEY secret_key: YOUR_SECRET_KEY对于 Google,您的 secret 可能类似以下文件:
apiVersion: v1 kind: Secret metadata: name: thanos-object-storage namespace: open-cluster-management-observability type: Opaque stringData: thanos.yaml: | type: GCS config: bucket: YOUR_GCS_BUCKET service_account: YOUR_SERVICE_ACCOUNT如需了解更多详细信息,请参阅 Google Cloud Storage。
对于 Azure,您的 secret 可能类似以下文件:
apiVersion: v1 kind: Secret metadata: name: thanos-object-storage namespace: open-cluster-management-observability type: Opaque stringData: thanos.yaml: | type: AZURE config: storage_account: YOUR_STORAGE_ACCT storage_account_key: YOUR_STORAGE_KEY container: YOUR_CONTAINER endpoint: blob.core.windows.net max_retries: 0如需了解更多详细信息,请参阅 Azure Storage 文档。
对于 OpenShift Container Storage,您的 secret 可能类似以下文件:
apiVersion: v1 kind: Secret metadata: name: thanos-object-storage namespace: open-cluster-management-observability type: Opaque stringData: thanos.yaml: | type: s3 config: bucket: YOUR_OCS_BUCKET endpoint: YOUR_OCS_ENDPOINT insecure: true access_key: YOUR_OCS_ACCESS_KEY secret_key: YOUR_OCS_SECRET_KEY如需了解更多详细信息,请参阅安装 OpenShift Container Storage。
您可以使用以下命令为云供应商检索 S3 access key 和 secret 密钥:
ACCESS_KEY=$(oc -n <your-object-storage> get secret <object-storage-secret> -o yaml | grep AccessKey | awk '{print $2}' | base64 --decode) echo $ACCESS_KEY SECRET_KEY=$(oc -n <your-object-storage> get secret <object-storage-secret> -o yaml | grep SecretKey | awk '{print $2}' | base64 --decode) echo $SECRET_KEY
1.2.2.1. 创建 MultiClusterObservability CR
完成以下步骤以创建 MultiClusterObservability 自定义资源(CR):
通过完成以下步骤,为受管集群创建
MultiClusterObservability自定义资源(mco CR):创建名为
multiclusterobservability_cr.yaml的MultiClusterObservability自定义资源 YAML 文件。查看以下默认 YAML 文件以查看可观察性:
apiVersion: observability.open-cluster-management.io/v1beta1 kind: MultiClusterObservability metadata: name: observability #Your customized name of MulticlusterObservability CR spec: availabilityConfig: High # Available values are High or Basic enableDownSampling: false # The default value is false. This is not recommended as querying long-time ranges without non-downsampled data is not efficient and useful. imagePullPolicy: Always imagePullSecret: multiclusterhub-operator-pull-secret observabilityAddonSpec: # The ObservabilityAddonSpec defines the global settings for all managed clusters which have observability add-on enabled enableMetrics: true # EnableMetrics indicates the observability addon push metrics to hub server interval: 30 # Interval for the observability addon push metrics to hub server retentionResolution1h: 30d # How long to retain samples of 1 hour in bucket retentionResolution5m: 14d retentionResolutionRaw: 5d storageConfigObject: # Specifies the storage to be used by Observability metricObjectStorage: name: thanos-object-storage key: thanos.yaml statefulSetSize: 10Gi # The amount of storage applied to the Observability StatefulSets, i.e. Amazon S3 store, Rule, compact and receiver. statefulSetStorageClass: gp2您可能想要修改
retentionResolution参数的值。默认情况下禁用了向下采样。如需更多信息,请参阅 Thanos Downsampling 分辨率和保留时间。取决于受管集群的数量,您可能需要更新statefulSetSize。如需更多信息,请参阅 Observability API。要在基础架构机器集上部署,您必须通过更新
MultiClusterObservabilityYAML 中的nodeSelector来为设置设置一个标签。您的 YAML 可能类似以下内容:nodeSelector: node-role.kubernetes.io/infra:如需更多信息,请参阅创建基础架构机器集。
运行以下命令,将可观察 YAML 应用到集群:
oc apply -f multiclusterobservability_cr.yaml
用于 Thanos、Grafana 和 AlertManager 的所有 pod 在
open-cluster-management-observability命名空间中创建。所有连接到 Red Hat Advanced Cluster Management hub 集群的受管集群都会被启用,以将指标数据发送回 Red Hat Advanced Cluster Management Observability 服务。
要验证是否已启用了 observabilty 服务,启动 Grafana 仪表板,查看其中是否包括了相关的数据。完成以下步骤:
- 登录到 Red Hat Advanced Cluster Management 控制台。
- 在导航菜单中选择 Observe environments > Overview。
点击位于控制台标头旁的 Grafana 链接,从您的受管集群中查看指标。
注:如果要排除特定的受管集群收集可观察性数据,请在集群中添加以下集群标签:
observability: disabled。