安全性
NetApp Kubernetes 監控營運者組態選項
建議變更
PDF
。 "NetApp Kubernetes監控操作員" 您可以自訂安裝與組態。
下表列出 AgentConfiguration 檔案的可能選項:
| 元件 | 選項 | 說明 |
|---|---|---|
代理程式 |
操作員可以安裝的所有元件通用的組態選項。這些選項可視為「整體」選項。 |
|
dockerRepo |
相較於 Cloud Insights 泊塢視窗 repo 、 dockerRepo 會置換以從客戶的「私有」泊塢視窗資源中拉出影像。預設為 Cloud Insights 泊塢視窗 repo |
|
dockerImagePullSecret |
選用:客戶的秘密私人回購 |
|
叢集名稱 |
可唯一識別所有客戶叢集的任意文字欄位。這在 Cloud Insights 租戶中應該是唯一的。預設是客戶在 UI 中輸入的「叢集名稱」欄位 |
|
Proxy |
可選擇設定 Proxy 。這通常是客戶的公司代理。 |
|
Telegraf |
可自訂電信業者安裝的組態選項 |
|
CollectionInterval |
度量收集時間間隔(以秒為單位)(最大 = 60 秒) |
|
dsCpuLimit |
Telegraf DS 的 CPU 限制 |
|
dsMemLimit |
Telegraf DS 的記憶體限制 |
|
dsCpuRequest |
對 Telegraf DS 的 CPU 要求 |
|
dsMemRequest |
對 Telegraf DS 的記憶體要求 |
|
rsCpuLimit |
Telegraf RS 的 CPU 限制 |
|
rsMemLimit |
Telegraf RS 的記憶體限制 |
|
rsCpuRequest |
適用於 Telegraf RS 的 CPU 要求 |
|
rsMemRequest |
對 Telegraf RS 的記憶體要求 |
|
dockerMountPoint |
dockerMountPoint 路徑的置換。這適用於在 k8s 平台(例如 Cloud Foundry )上安裝非標準泊塢視窗 |
|
dockerUnixSocket |
dockerUnixSocket 路徑的置換。這適用於在 k8s 平台(例如 Cloud Foundry )上安裝非標準泊塢視窗。 |
|
CrioSockPath |
crioSockPath 路徑的置換。這適用於在 k8s 平台(例如 Cloud Foundry )上安裝非標準泊塢視窗。 |
|
RunPrivileged |
以特殊權限模式執行 Telegraf 容器。如果您的 k8s 節點上已啟用 SELinux 、請將此設定為 True |
|
批次大小 |
請參閱 "Telegraf 組態文件" |
|
bufferLimit |
請參閱 "Telegraf 組態文件" |
|
圓週期間隔 |
請參閱 "Telegraf 組態文件" |
|
CollectionJitter |
請參閱 "Telegraf 組態文件" |
|
精度 |
請參閱 "Telegraf 組態文件" |
|
FlushInterval |
請參閱 "Telegraf 組態文件" |
|
FlushJitter |
請參閱 "Telegraf 組態文件" |
|
輸出逾時 |
請參閱 "Telegraf 組態文件" |
|
啟用 DockerMetricCollection |
收集 Docker 指標。根據預設、此值會設為 true 、並會針對內部部署、泊塢視窗型的 k8s 部署收集泊塢視窗度量。若要停用泊塢視窗度量集合、請將此設定為假。 |
|
dsTolerations |
Telegraf-DS 額外的容忍度。 |
|
RsTolerations |
Telegraf-RS 額外容忍度。 |
|
Kube-state 指標 |
可自訂操作員的 kbe 狀態度量安裝的組態選項 |
|
cpuLimit |
kube 狀態度量部署的 CPU 限制 |
|
MemLimit |
kube 狀態度量部署的記憶體限制 |
|
cpuRequest |
CPU 要求進行 kube 狀態指標部署 |
|
MemRequest |
kube 狀態指標部署的記憶體要求 |
|
資源 |
以逗號分隔的資源清單、可供擷取。範例: cronjobs 、 daemonsets 、部署、擷取、工作、命名空間、節點、持續磁碟區、持續磁碟區、 Pod 、複製集、資源等量、服務、狀態集 |
|
公差 |
Kube-state - 衡量其他容忍度。 |
|
標籤 |
kube 狀態度量應擷取的資源清單(以逗號分隔) 範例: cronjobs=[*],daemonsets=[*],targets=[*],jobs=[*],命名 空間 =[*],nodes=[*], 永久卷冊 =[*] 、持續卷 =[*] 、 Pod =[*] 、複製集 =[*] 、資源 equotas=[*] 、服務 =[*] 、狀態集 =[*] |
|
記錄 |
可自訂記錄收集和安裝操作員的組態選項 |
|
readFromHead |
是非題、應能流暢地從標頭讀取記錄 |
|
逾時 |
逾時、以秒為單位 |
|
dnsMode |
TCP/UDP 、 DNS 模式 |
|
流暢的位元容忍度 |
Fluent-bit-DS 額外公差。 |
|
事件導出者容忍度 |
事件導出者額外容忍度。 |
|
工作負載對應 |
可自訂工作負載對應集合及安裝 Operator 的組態選項 |
|
cpuLimit |
Net 觀察者 DS 的 CPU 上限 |
|
MemLimit |
net 觀察者 DS 的記憶體限制 |
|
cpuRequest |
CPU 要求取得 Net 觀察者 DS |
|
MemRequest |
net 觀察者 DS 的記憶體要求 |
|
MetricAggergationInterval. |
度量集合時間間隔(以秒為單位) |
|
bpfPollInterval. |
BPF 輪詢時間間隔(秒) |
|
enabledDNSookup |
是非題、啟用 DNS 查詢 |
|
L4-公差 |
net-觀察者 -L4-DS 額外容忍度。 |
|
RunPrivileged |
是非題:如果在 Kubernetes 節點上啟用 SELinux 、請將 RunPrivileged 設為 true 。 |
|
變更管理 |
Kubernetes 變更管理與分析的組態選項 |
|
cpuLimit |
change-觀察者 water-RS 的 CPU 上限 |
|
MemLimit |
change-觀察者 water-RS 的記憶體限制 |
|
cpuRequest |
CPU 要求變更觀察者手錶 -RS |
|
MemRequest |
mem 要求 change-觀察者 water-RS |
|
Failure宣言 IntermalMins |
未成功部署工作負載的時間間隔(以分鐘為單位)將標示為失敗 |
|
deployAggrIntervalSeconds |
工作負載部署進行中事件的傳送頻率 |
|
NonWorkloadAggrIntervalSeconds |
非工作負載部署的組合與傳送頻率 |
|
termsToRedact |
用於 env 名稱和資料對應的一組規則運算式、其值將會被編修 |
|
其他 KindsToWatch |
以逗號分隔的其他種類清單、可從收集器所監控的預設種類集觀看 |
|
KindsToIgnoreFromWatch |
從收集器所監控的預設種類集中、忽略的種類清單、以逗號分隔 |
|
LogRecordAggrIntervalSeconds |
從收集器傳送記錄至 CI 的頻率 |
|
監看容忍度 |
change-觀察者 water-DS 額外容忍度。僅限精簡單行格式。 |
AgentConfiguration 檔案範例
以下是 AgentConfiguration 檔案範例。
apiVersion: monitoring.netapp.com/v1alpha1
kind: AgentConfiguration
metadata:
name: netapp-monitoring-configuration
namespace: "NAMESPACE_PLACEHOLDER"
labels:
installed-by: nkmo-NAMESPACE_PLACEHOLDER
spec:
# # You can modify the following fields to configure the operator.
# # Optional settings are commented out and include default values for reference
# # To update them, uncomment the line, change the value, and apply the updated AgentConfiguration.
agent:
# # [Required Field] A uniquely identifiable user-friendly clustername.
# # clusterName must be unique across all clusters in your Cloud Insights environment.
clusterName: "CLUSTERNAME_PLACEHOLDER"
# # Proxy settings. The proxy that the operator should use to send metrics to Cloud Insights.
# # Please see documentation here: https://docs.netapp.com/us-en/cloudinsights/task_config_telegraf_agent_k8s.html#configuring-proxy-support
# proxy:
# server:
# port:
# noproxy:
# username:
# password:
# isTelegrafProxyEnabled:
# isFluentbitProxyEnabled:
# isCollectorsProxyEnabled:
# # [Required Field] By default, the operator uses the CI repository.
# # To use a private repository, change this field to your repository name.
# # Please see documentation here: https://docs.netapp.com/us-en/cloudinsights/task_config_telegraf_agent_k8s.html#using-a-custom-or-private-docker-repository
dockerRepo: 'DOCKER_REPO_PLACEHOLDER'
# # [Required Field] The name of the imagePullSecret for dockerRepo.
# # If you are using a private repository, change this field from 'docker' to the name of your secret.
{{ if not (contains .Values.config.cloudType "aws") }}# {{ end -}}
dockerImagePullSecret: 'docker'
# # Allow the operator to automatically rotate its ApiKey before expiration.
# tokenRotationEnabled: '{{ .Values.telegraf_installer.kubernetes.rs.shim_token_rotation }}'
# # Number of days before expiration that the ApiKey should be rotated. This must be less than the total ApiKey duration.
# tokenRotationThresholdDays: '{{ .Values.telegraf_installer.kubernetes.rs.shim_token_rotation_threshold_days }}'
telegraf:
# # Settings to fine-tune metrics data collection. Telegraf config names are included in parenthesis.
# # See https://github.com/influxdata/telegraf/blob/master/docs/CONFIGURATION.md#agent
# # The default time telegraf will wait between inputs for all plugins (interval). Max=60
# collectionInterval: '{{ .Values.telegraf_installer.agent_resources.collection_interval }}'
# # Maximum number of records per output that telegraf will write in one batch (metric_batch_size).
# batchSize: '{{ .Values.telegraf_installer.agent_resources.metric_batch_size }}'
# # Maximum number of records per output that telegraf will cache pending a successful write (metric_buffer_limit).
# bufferLimit: '{{ .Values.telegraf_installer.agent_resources.metric_buffer_limit }}'
# # Collect metrics on multiples of interval (round_interval).
# roundInterval: '{{ .Values.telegraf_installer.agent_resources.round_interval }}'
# # Each plugin waits a random amount of time between the scheduled collection time and that time + collection_jitter before collecting inputs (collection_jitter).
# collectionJitter: '{{ .Values.telegraf_installer.agent_resources.collection_jitter }}'
# # Collected metrics are rounded to the precision specified. When set to "0s" precision will be set by the units specified by interval (precision).
# precision: '{{ .Values.telegraf_installer.agent_resources.precision }}'
# # Time telegraf will wait between writing outputs (flush_interval). Max=collectionInterval
# flushInterval: '{{ .Values.telegraf_installer.agent_resources.flush_interval }}'
# # Each output waits a random amount of time between the scheduled write time and that time + flush_jitter before writing outputs (flush_jitter).
# flushJitter: '{{ .Values.telegraf_installer.agent_resources.flush_jitter }}'
# # Timeout for writing to outputs (timeout).
# outputTimeout: '{{ .Values.telegraf_installer.http_output_plugin.timeout }}'
# # telegraf-ds CPU/Mem limits and requests.
# # See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
dsCpuLimit: '{{ .Values.telegraf_installer.telegraf_resources.ds_cpu_limits }}'
dsMemLimit: '{{ .Values.telegraf_installer.telegraf_resources.ds_mem_limits }}'
dsCpuRequest: '{{ .Values.telegraf_installer.telegraf_resources.ds_cpu_request }}'
dsMemRequest: '{{ .Values.telegraf_installer.telegraf_resources.ds_mem_request }}'
# # telegraf-rs CPU/Mem limits and requests.
rsCpuLimit: '{{ .Values.telegraf_installer.telegraf_resources.rs_cpu_limits }}'
rsMemLimit: '{{ .Values.telegraf_installer.telegraf_resources.rs_mem_limits }}'
rsCpuRequest: '{{ .Values.telegraf_installer.telegraf_resources.rs_cpu_request }}'
rsMemRequest: '{{ .Values.telegraf_installer.telegraf_resources.rs_mem_request }}'
# # telegraf additional tolerations. Use the following abbreviated single line format only.
# # Inspect telegraf-rs/-ds to view tolerations which are always present.
# # Example: '{key: taint1, operator: Exists, effect: NoSchedule},{key: taint2, operator: Exists, effect: NoExecute}'
# dsTolerations: ''
# rsTolerations: ''
# # Set runPrivileged to true if SELinux is enabled on your Kubernetes nodes.
# runPrivileged: 'false'
# # Collect NFS IO metrics.
# dsNfsIOEnabled: '{{ .Values.telegraf_installer.kubernetes.ds.shim_nfs_io_processing }}'
# # Collect kubernetes.system_container metrics and objects in the kube-system|cattle-system namespaces for managed kubernetes clusters (EKS, AKS, GKE, managed Rancher). Set this to true if you want collect these metrics.
# managedK8sSystemMetricCollectionEnabled: '{{ .Values.telegraf_installer.kubernetes.shim_managed_k8s_system_metric_collection }}'
# # Collect kubernetes.pod_volume (pod ephemeral storage) metrics. Set this to true if you want to collect these metrics.
# podVolumeMetricCollectionEnabled: '{{ .Values.telegraf_installer.kubernetes.shim_pod_volume_metric_collection }}'
# # Declare Rancher cluster as managed. Set this to true if your Rancher cluster is managed as opposed to on-premise.
# isManagedRancher: '{{ .Values.telegraf_installer.kubernetes.is_managed_rancher }}'
# kube-state-metrics:
# # kube-state-metrics CPU/Mem limits and requests. By default, when unset, kube-state-metrics has no CPU/Mem limits nor request.
# cpuLimit:
# memLimit:
# cpuRequest:
# memRequest:
# # Comma-separated list of metrics to enable.
# # See metric-allowlist in https://github.com/kubernetes/kube-state-metrics/blob/main/docs/cli-arguments.md
# resources: 'cronjobs,daemonsets,deployments,ingresses,jobs,namespaces,nodes,persistentvolumeclaims,persistentvolumes,pods,replicasets,resourcequotas,services,statefulsets'
# # Comma-separated list of Kubernetes label keys that will be used in the resources' labels metric.
# # See metric-labels-allowlist in https://github.com/kubernetes/kube-state-metrics/blob/main/docs/cli-arguments.md
# labels: 'cronjobs=[*],daemonsets=[*],deployments=[*],ingresses=[*],jobs=[*],namespaces=[*],nodes=[*],persistentvolumeclaims=[*],persistentvolumes=[*],pods=[*],replicasets=[*],resourcequotas=[*],services=[*],statefulsets=[*]'
# # kube-state-metrics additional tolerations. Use the following abbreviated single line format only.
# # No tolerations are applied by default
# # Example: '{key: taint1, operator: Exists, effect: NoSchedule},{key: taint2, operator: Exists, effect: NoExecute}'
# tolerations: ''
# # Settings for the Events Log feature.
# logs:
# # If Fluent Bit should read new files from the head, not tail.
# # See Read_from_Head in https://docs.fluentbit.io/manual/pipeline/inputs/tail
# readFromHead: "true"
# # Network protocol that Fluent Bit should use for DNS: "UDP" or "TCP".
# dnsMode: "UDP"
# # Logs additional tolerations. Use the following abbreviated single line format only.
# # Inspect fluent-bit-ds to view tolerations which are always present. No tolerations are applied by default for event-exporter.
# # Example: '{key: taint1, operator: Exists, effect: NoSchedule},{key: taint2, operator: Exists, effect: NoExecute}'
# fluent-bit-tolerations: ''
# event-exporter-tolerations: ''
# # Settings for the Network Performance and Map feature.
# workload-map:
# # net-observer-l4-ds CPU/Mem limits and requests.
# # See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
# cpuLimit: '500m'
# memLimit: '500Mi'
# cpuRequest: '100m'
# memRequest: '500Mi'
# # Metric aggregation interval in seconds. Min=30, Max=120
# metricAggregationInterval: '60'
# # Interval for bpf polling. Min=3, Max=15
# bpfPollInterval: '8'
# # Enable performing reverse DNS lookups on observed IPs.
# enableDNSLookup: 'true'
# # net-observer-l4-ds additional tolerations. Use the following abbreviated single line format only.
# # Inspect net-observer-l4-ds to view tolerations which are always present.
# # Example: '{key: taint1, operator: Exists, effect: NoSchedule},{key: taint2, operator: Exists, effect: NoExecute}'
# l4-tolerations: ''
# # Set runPrivileged to true if SELinux is enabled on your Kubernetes nodes.
# # Note: In OpenShift environments, this is set to true automatically.
# runPrivileged: 'false'
# change-management:
# # change-observer-watch-rs CPU/Mem limits and requests.
# # See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
# cpuLimit: '500m'
# memLimit: '500Mi'
# cpuRequest: '100m'
# memRequest: '500Mi'
# # Interval in minutes after which a non-successful deployment of a workload will be marked as failed
# failureDeclarationIntervalMins: '30'
# # Frequency at which workload deployment in-progress events are sent
# deployAggrIntervalSeconds: '300'
# # Frequency at which non-workload deployments are combined and sent
# nonWorkloadAggrIntervalSeconds: '15'
# # A set of regular expressions used in env names and data maps whose value will be redacted
# termsToRedact: '"pwd", "password", "token", "apikey", "api-key", "jwt"'
# # A comma separated list of additional kinds to watch from the default set of kinds watched by the collector
# # Each kind will have to be prefixed by its apigroup
# # Example: 'authorization.k8s.io.subjectaccessreviews'
# additionalKindsToWatch: ''
# # A comma separated list of kinds to ignore from watching from the default set of kinds watched by the collector
# # Each kind will have to be prefixed by its apigroup
# # Example: 'networking.k8s.io.networkpolicies,batch.jobs'
# kindsToIgnoreFromWatch: ''
# # Frequency with which log records are sent to CI from the collector
# logRecordAggrIntervalSeconds: '20'
# # change-observer-watch-ds additional tolerations. Use the following abbreviated single line format only.
# # Inspect change-observer-watch-ds to view tolerations which are always present.
# # Example: '{key: taint1, operator: Exists, effect: NoSchedule},{key: taint2, operator: Exists, effect: NoExecute}'
# watch-tolerations: ''----