This topic describes how to connect a Kubernetes cluster over the Internet to a Prometheus instance and enable authentication.

Prerequisites

A self-managed Kubernetes cluster is connected to an Alibaba Cloud data center. For more information, see Create a cluster registration proxy and register an on-premises cluster.

Scenarios

  • Connect a third-party or self-managed Kubernetes cluster to Application Real-Time Monitoring Service (ARMS) Prometheus.
  • Connect an Alibaba Cloud Container Service for Kubernetes (ACK) cluster or a registered third-party Kubernetes cluster to ARMS Prometheus over the Internet.
Note If your Kubernetes cluster is connected to the Alibaba Cloud internal network, see Create a Prometheus instance for a Kubernetes cluster.

Step 1: Install a Prometheus agent

  1. Log on to the ARMS console.
  2. In the left-side navigation pane, choose Prometheus Monitoring > Prometheus Instances.
  3. In the top navigation bar of the Prometheus Monitoring page, select a region. Then, click Access Prometheus monitoring in the upper-right corner of the page.
  4. On the Access Prometheus monitoring page, click Self-built Kubernetes cluster.
  5. In the upper-right corner of the Access User-created Kubernetes cluster panel, select the region from which the Kubernetes cluster is connected, and then perform the following steps:
    1. Specify the name of the Prometheus instance and click New.
    2. Run the following command to add the Alibaba Cloud Helm repository.
      Notice The commands that you run to add Helm repositories vary by region. You can replace the {region_id} parameter in the following command by selecting a new region. You can also obtain the actual command directly from the Access User-created Kubernetes cluster panel.
      helm repo add aliyun http://aliacs-k8s-{region_id}.oss-{region_id}.aliyuncs.com/app/charts-incubator/
    3. Run the command in the Install Prometheus agent section to install the Prometheus agent for the self-managed Kubernetes cluster.
      # Obtain the cluster ID, UID, and region ID from the Install Prometheus agent section.
      # controller.vpc_prefix=registry. pulls images from a container registry over the Internet.
      # You do not need to set it if your image is stored in the internal network of Alibaba Cloud.
      helm install arms-prom-operator aliyun/ack-arms-prometheus \
        --namespace arms-prom \
        --set controller.cluster_id="$CLUSTER_ID" \
        --set controller.uid="***" \
        --set controller.region_id="***" \
        --set controller.vpc_prefix=registry.
      Note For more information, see Parameters of the Helm command.

Step 2: Generate an authentication token

To remotely write data to ARMS Prometheus from a Kubernetes cluster over the Internet, you need an authentication token.

  1. Log on to the ARMS console.
  2. In the left-side navigation pane, choose Prometheus Monitoring > Prometheus Instances.
  3. In the top navigation bar, select a region.
  4. On the Prometheus Monitoring page, click the name of the Kubernetes cluster.
  5. In the left-side navigation pane, click Settings. On the page that appears, click the Settings tab.
  6. On the Settings tab, click Generate Token. Then, copy and save the token.

Step 3: Configure the Kubernetes cluster

  1. Log on to the ACK console.
  2. In the left-side navigation pane of the ACK console, click Clusters.
  3. On the Clusters page, click the name of the cluster that you want to configure, or click Details in the Actions column of the cluster.
  4. In the left-side navigation pane of the details page, choose Workloads > Deployments.
  5. In the top navigation bar of the Deployments page, select arms-prom from the Namespace drop-down list.
  6. In the Actions column to the right of the arms-prometheus-ack-arms-prometheus Deployment, choose More > View YAML.
  7. In the Edit YAML dialog box, add the following parameters in the args field.
    - '--mode=public'
    - '--accessKey=***'
    - '--accessSecret=***'
    Note Replace the values of accessKey and accessSecret with the AccessKey ID and AccessKey Secret that are used to generate the authentication token in Step 2. For more information about how to obtain an AccessKey pair, see Obtain an AccessKey pair. After you configure the accessKey and accessSecret parameters, ARMS Prometheus automatically verifies the token that is obtained in Step 2.
  8. After you edit the YAML file, click Update.
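
The args in step 7 place the AccessKey pair as literal text in the Deployment spec. The following is an added example, not part of the original ARMS documentation: it keeps the pair in a Kubernetes Secret and references it from args through the standard $(VAR) expansion. The Secret name, the environment variable names, and the container name placeholder are assumptions.

```yaml
# Added example. Names marked "hypothetical" are assumptions, not ARMS defaults.
apiVersion: v1
kind: Secret
metadata:
  name: arms-prom-credentials        # hypothetical Secret name
  namespace: arms-prom
type: Opaque
stringData:
  accessKey: "<AccessKey ID>"        # placeholder, same pair as in Step 2
  accessSecret: "<AccessKey Secret>" # placeholder
---
# Fragment to merge by hand into the arms-prometheus-ack-arms-prometheus
# Deployment in the Edit YAML dialog box. Not a complete manifest.
spec:
  template:
    spec:
      containers:
        - name: "<existing container name>"   # leave the existing name unchanged
          env:
            - name: ARMS_ACCESS_KEY           # hypothetical variable name
              valueFrom:
                secretKeyRef:
                  name: arms-prom-credentials
                  key: accessKey
            - name: ARMS_ACCESS_SECRET        # hypothetical variable name
              valueFrom:
                secretKeyRef:
                  name: arms-prom-credentials
                  key: accessSecret
          args:
            # Keep the args that are already present; append these three.
            - '--mode=public'
            # Literal form from step 7, which stores the pair in the spec:
            #   - '--accessKey=***'
            #   - '--accessSecret=***'
            # Reference form: the kubelet expands $(VAR) when it starts the container.
            - '--accessKey=$(ARMS_ACCESS_KEY)'
            - '--accessSecret=$(ARMS_ACCESS_SECRET)'
```

The expanded values still appear in the container's process arguments. What changes is that the Deployment object no longer contains them, so read access to Deployments in the arms-prom namespace does not expose the AccessKey pair.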

Verify the result

  1. Log on to the ARMS console.
  2. In the left-side navigation pane, choose Prometheus Monitoring > Prometheus Instances.
  3. In the top navigation bar of the Prometheus Monitoring page, select the region where the Prometheus instance resides.
    Check whether the data in the connected self-managed Kubernetes cluster is monitored.