需求: 如何在kubesphere-monitoring-system 之外的命名空间,使用kubesphere-monitoring-system 的 prometheus-operator 定义新的 prometheus 实例?
如何在kubesphere-monitoring-system 之外的命名空间定义新的 prometheus 实例?
yuswiftK零S
这个取决于operator监听的crd的scope是cluster级别的还是ns级别的 以及他默认创建的ns在哪里 可以看看这个operator的文档
- 已编辑
yuswift 好的 谢谢。
您好,我看了 prometheus-operator 的文档
prometheus-operator 的文档地址:https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/rbac.md
# kubectl get serviceaccount -n kubesphere-monitoring-system | grep prometheus
prometheus-k8s 1 53d
prometheus-operator 1 53d# kubectl get clusterroles -n kubesphere-monitoring-system |grep prometheus | grep operator
kubesphere-prometheus-operator 2021-02-24T05:49:55Z# kubectl get clusterrolebinding -n kubesphere-monitoring-system | grep prometheus
kubesphere-prometheus-k8s ClusterRole/kubesphere-prometheus-k8s 81d
kubesphere-prometheus-operator ClusterRole/kubesphere-prometheus-operator 81d在 test-monitor 命名空间创建的 prometheus 的状态,
# kubectl get prometheus -n test-monitor -o wide
NAME VERSION REPLICAS AGE
k8s-business v2.26.0 1 4d3h但是没有相关的prometheus pod以及service等资源
下图可以看到对应的资源已经创建出来:
但是对应的ns下却没有任何的资源。
不知道是不是这里的影响:
4 天 后
CarsonyangK零S
看下 prometheus-operator 的日志
- 已编辑
prometheus-operator 的日志的内容如下:
E0524 07:35:08.021304 1 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.8/tools/cache/reflector.go:125: Failed to list *v1.StatefulSet: statefulsets.apps is forbidden: User "system:serviceaccount:kubesphere-monitoring-system:prometheus-operator" cannot list resource "statefulsets" in API group "apps" at the cluster scope
E0524 07:35:11.943821 1 reflector.go:383] pkg/mod/k8s.io/client-go@v0.18.8/tools/cache/reflector.go:125: Failed to watch *v1.Namespace: unknown (get namespaces)
E0524 07:35:14.947929 1 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.8/tools/cache/reflector.go:125: Failed to list *v1.Prometheus: prometheuses.monitoring.coreos.com is forbidden: User "system:serviceaccount:kubesphere-monitoring-system:prometheus-operator" cannot list resource "prometheuses" in API group "monitoring.coreos.com" at the cluster scope
E0524 07:35:16.707774 1 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.8/tools/cache/reflector.go:125: Failed to list *v1.Alertmanager: alertmanagers.monitoring.coreos.com is forbidden: User "system:serviceaccount:kubesphere-monitoring-system:prometheus-operator" cannot list resource "alertmanagers" in API group "monitoring.coreos.com" at the cluster scope
E0524 07:35:17.633721 1 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.8/tools/cache/reflector.go:125: Failed to list *v1.StatefulSet: statefulsets.apps is forbidden: User "system:serviceaccount:kubesphere-monitoring-system:prometheus-operator" cannot list resource "statefulsets" in API group "apps" at the cluster scope
E0524 07:35:20.742051 1 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.8/tools/cache/reflector.go:125: Failed to list *v1.StatefulSet: statefulsets.apps is forbidden: User "system:serviceaccount:kubesphere-monitoring-system:prometheus-operator" cannot list resource "statefulsets" in API group "apps" at the cluster scope
E0524 07:35:21.358569 1 reflector.go:383] pkg/mod/k8s.io/client-go@v0.18.8/tools/cache/reflector.go:125: Failed to watch *v1.Namespace: unknown (get namespaces)
E0524 07:35:21.816254 1 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.8/tools/cache/reflector.go:125: Failed to list *v1.ConfigMap: configmaps is forbidden: User "system:serviceaccount:kubesphere-monitoring-system:prometheus-operator" cannot list resource "configmaps" in API group "" at the cluster scope
E0524 07:35:26.432249 1 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.8/tools/cache/reflector.go:125: Failed to list *v1.ThanosRuler: thanosrulers.monitoring.coreos.com is forbidden: User "system:serviceaccount:kubesphere-monitoring-system:prometheus-operator" cannot list resource "thanosrulers" in API group "monitoring.coreos.com" at the cluster scope
E0524 07:35:30.571484 1 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.8/tools/cache/reflector.go:125: Failed to list *v1.ServiceMonitor: servicemonitors.monitoring.coreos.com is forbidden: User "system:serviceaccount:kubesphere-monitoring-system:prometheus-operator" cannot list resource "servicemonitors" in API group "monitoring.coreos.com" at the cluster scope
E0524 07:35:31.287822 1 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.8/tools/cache/reflector.go:125: Failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:kubesphere-monitoring-system:prometheus-operator" cannot list resource "secrets" in API group "" at the cluster scope
E0524 07:35:33.312946 1 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.8/tools/cache/reflector.go:125: Failed to list *v1.PrometheusRule: prometheusrules.monitoring.coreos.com is forbidden: User "system:serviceaccount:kubesphere-monitoring-system:prometheus-operator" cannot list resource "prometheusrules" in API group "monitoring.coreos.com" at the cluster scope
E0524 07:35:33.374110 1 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.8/tools/cache/reflector.go:125: Failed to list *v1.PrometheusRule: prometheusrules.monitoring.coreos.com is forbidden: User "system:serviceaccount:kubesphere-monitoring-system:prometheus-operator" cannot list resource "prometheusrules" in API group "monitoring.coreos.com" at the cluster scope
E0524 07:35:44.417281 1 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.8/tools/cache/reflector.go:125: Failed to list *v1.StatefulSet: statefulsets.apps is forbidden: User "system:serviceaccount:kubesphere-monitoring-system:prometheus-operator" cannot list resource "statefulsets" in API group "apps" at the cluster scope
E0524 07:35:46.941357 1 reflector.go:383] pkg/mod/k8s.io/client-go@v0.18.8/tools/cache/reflector.go:125: Failed to watch *v1.Namespace: unknown (get namespaces)
E0524 07:35:48.492796 1 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.8/tools/cache/reflector.go:125: Failed to list *v1.PodMonitor: podmonitors.monitoring.coreos.com is forbidden: User "system:serviceaccount:kubesphere-monitoring-system:prometheus-operator" cannot list resource "podmonitors" in API group "monitoring.coreos.com" at the cluster scope
E0524 07:35:50.991236 1 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.8/tools/cache/reflector.go:125: Failed to list *v1.ConfigMap: configmaps is forbidden: User "system:serviceaccount:kubesphere-monitoring-system:prometheus-operator" cannot list resource "configmaps" in API group "" at the cluster scope
E0524 07:35:55.931929 1 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.8/tools/cache/reflector.go:125: Failed to list *v1.Prometheus: prometheuses.monitoring.coreos.com is forbidden: User "system:serviceaccount:kubesphere-monitoring-system:prometheus-operator" cannot list resource "prometheuses" in API group "monitoring.coreos.com" at the cluster scope
E0524 07:35:55.961965 1 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.8/tools/cache/reflector.go:125: Failed to list *v1.Probe: probes.monitoring.coreos.com is forbidden: User "system:serviceaccount:kubesphere-monitoring-system:prometheus-operator" cannot list resource "probes" in API group "monitoring.coreos.com" at the cluster scope
E0524 07:35:56.659931 1 reflector.go:383] pkg/mod/k8s.io/client-go@v0.18.8/tools/cache/reflector.go:125: Failed to watch *v1.Namespace: unknown (get namespaces)
E0524 07:35:57.280440 1 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.8/tools/cache/reflector.go:125: Failed to list *v1.StatefulSet: statefulsets.apps is forbidden: User "system:serviceaccount:kubesphere-monitoring-system:prometheus-operator" cannot list resource "statefulsets" in API group "apps" at the cluster scope
E0524 07:36:01.159024 1 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.8/tools/cache/reflector.go:125: Failed to list *v1.ThanosRuler: thanosrulers.monitoring.coreos.com is forbidden: User "system:serviceaccount:kubesphere-monitoring-system:prometheus-operator" cannot list resource "thanosrulers" in API group "monitoring.coreos.com" at the cluster scope这种能确认是 prometheus-operater 的权限问题么? 怎么样修复这个问题?
- yuswiftK零S
xuanyuanaosheng 报错很明显 你的权限不够 配置一下rbac
yuswift 收到 谢谢