Tencent Cloud Observability Platform
- Release Notes and Announcements
- Product Introduction
- Purchase Guide
- Application Performance Management
- Pay-as-you-go (Postpaid)
- Packages (Prepaid)
- Mobile App Performance Monitoring
- Real User Monitoring
- Cloud Automated Testing
- Prometheus Monitoring
- Pay-as-You-Go (Postpaid)
- Quick Start
- EventBridge
- Cloud Product Monitoring
- Tencent Cloud Service Metrics
- Microservice
- Networking
- TencentDB
- TencentDB for Redis Monitoring Metrics
- CPM
- CDN And EdgeOne
- Operation Guide
- Cloud Monitoring Overview
- Monitoring View
- CM Connection to Grafana
- Troubleshooting
- Application Performance Management
- Access Guide
- Accessing Go Application
- Accessing Java Application
- Accessing Python Application
- Accessing Node.js Application
- Accessing PHP Application
- Accessing .NET Application
- Operation Guide
- Resource Management
- Application Monitoring
- Application Diagnosis
- Database Call Monitoring
- Access Management
- Alarm Service
- System Configuration
- Associate Logs
- Inject TraceID Into Logs
- Practical Tutorial
- Parameter Information
- APM Data Protocol Standard
- Mobile App Performance Monitoring
- Access Guide
- Android Use Cases
- iOS Use Cases
- Tencent Cloud Real User Monitoring
- Operation Guide
- Application Management
- Access Management
- Resource Tag
- Connection Guide
- Web Use Cases
- Cloud Automated Testing
- Operation Guide
- Creating Test Task
- Testing Statistics
- Access Management
- References
- Testing Nodes
- FAQs
- Performance Testing Service
- Operation Guide
- Performance Testing in Script Mode
- Script Examples
- HTTP-based Performance Testing
- Performance Testing in JMeter Mode
- Project Management
- Scenario Management
- Advanced Configuration
- Export Stress Test Indicators
- Traffic Recording
- Performance Testing Report
- Access Control
- Alarm Management
- Tag Management
- Practice Tutorial
- JavaScript API List
- pts/http
- Response
- pts/dataset
- pts/grpc
- pts/jsonpath
- pts/redis
- pts/url
- URL
- pts/util
- pts/ws
- pts/socketio
- socketio
- pts/socket
- Prometheus Monitoring
- Product Introduction
- Access Guide
- EMR Integration
- Java Application Integration
- Exporter Integration
- Operation Guide
- Instance
- Recording Rule
- Alerting Rule
- Access Control
- TKE Metrics
- Practical Tutorial
- Terraform
- Grafana
- Operation Guide
- Instance
- Tencent Cloud Service Integration
- Plugin Management
- Dashboard
- Operation Guide
- Configuring Dashboard
- Monitoring Charts
- Creating Chart
- Use Cases of Different Chart Types
- Alarm Management
- Console Operation Guide
- Alarm Policy
- Configuring alert trigger conditions
- Alarm Notification
- Alarm Callback
- Alarm Receiving Channels and SMS Quota
- Dynamic Threshold Alarm
- Silencing Alarm
- EventBridge
- Product Introduction
- Practical Tutorial
- Migrating Event Alarm
- FAQs
- Related Agreements
- API Documentation
- Making API Requests
- Monitoring Data Query APIs
- Alarm APIs
- Notification Template APIs
- Legacy Alert APIs
- Prometheus Service APIs
- Grafana Service APIs
- Event Center APIs
- TencentCloud Managed Service for Prometheus APIs
- Monitoring APIs
DocumentationTencent Cloud Observability PlatformPrometheus MonitoringAccess GuideInstructions for Installing Components in the TKE Cluster
Instructions for Installing Components in the TKE Cluster
Last updated: 2024-07-23 18:11:09
Instructions for Installing Components in the TKE Cluster
Last updated: 2024-07-23 18:11:09
Overview
This document describes the features, use permissions, and resource consumption of various components installed in the user's TKE cluster during the TKE Integration process of TMP.
proxy-agent
Component Overview
The TKE cluster has independent network environment. Therefore, the proxy-agent is deployed within the cluster to provide access proxies for collection components outside the cluster. On one hand, external collection components discover resources within the cluster through the proxy-agent service; on the other hand, they scrape metrics through the proxy-agent and write them to the time series storage of the Prometheus instance.
Resource Objects Deployed in the Cluster
Namespace | Kubernetes Object Name | Type | Resource Amount | Description |
<Prometheus instance ID> | proxy-agent | Deployment | 0.25C256Mi*2 | Collection proxy |
<Prometheus instance ID> | <Prometheus instance ID> | ServiceAccount | - | Permission carrier |
- | <Prometheus instance ID> | ClusterRole | - | Collection permissions related |
- | <Prometheus instance ID>-crb | ClusterRoleBinding | - | Collection permissions related |
Component Permission Description
Permission Scenarios
Feature | Involved Objects | Involved Operation Permissions |
Collection configuration management | scrapeconfigs,servicemonitors,podmonitors,probes,configmaps,secrets,namespaces | get/list/watch |
Service discovery | services,endpoints,nodes,pods,ingresses | get/list/watch |
Scraping some system component metrics | nodes/metrics,nodes/proxy,pods/proxy | get/list/watch |
Scraping metrics with RBAC authentication | /metrics,/metrics/cadvisor | get |
Permission Definition
apiVersion: rbac.authorization.k8s.io/v1kind: ClusterRolemetadata:name: prom-instancerules:- apiGroups:- monitoring.coreos.comresources:- scrapeconfigs- servicemonitors- podmonitors- probes- prometheuses- prometheusrulesverbs:- get- list- watch- apiGroups:- ""resources:- namespaces- configmaps- secrets- nodes- services- endpoints- podsverbs:- get- list- watch- apiGroups:- networking.k8s.ioresources:- ingressesverbs:- get- list- watch- apiGroups: [ "" ]resources:- nodes/metrics- nodes/proxy- pods/proxyverbs:- get- list- watch- nonResourceURLs: [ "/metrics", "/metrics/cadvisor" ]verbs:- get
tke-kube-state-metrics
Component Overview
tke-kube-state-metrics uses the open-source component kube-state-metrics, listens to the cluster's API server, and generates status metrics for various objects within the cluster.
Resource Objects Deployed in the Cluster
Namespace | Kubernetes Object Name | Type | Resource Amount | Description |
kube-system | tke-kube-state-metrics | Statefulset | 0.5C512Mi | Collection program |
kube-system | tke-kube-state-metrics | ServiceAccount | - | Permission carrier |
- | tke-kube-state-metrics | ClusterRole | - | Collection permissions related |
- | tke-kube-state-metrics | ClusterRoleBinding | - | Collection permissions related |
kube-system | tke-kube-state-metrics | Service | - | Collection agent corresponding service, for service discovery use |
kube-system | tke-kube-state-metrics | ServiceMonitor | - | Collection configuration |
kube-system | tke-kube-state-metrics | Role | - | Shard collection permission related |
kube-system | tke-kube-state-metrics | RoleBinding | - | Shard collection permission related |
Component Permission Description
Permission Scenarios
Feature | Involved Objects | Involved Operation Permissions |
Listening to the status of various resources in the cluster | Most Kubernetes resources | list/watch |
Get the shard number of the collection pod | statefulsets, pods | get |
Permission Definition
apiVersion: rbac.authorization.k8s.io/v1kind: ClusterRolemetadata:name: tke-kube-state-metricsrules:- apiGroups:- ""resources:- configmaps- secrets- nodes- pods- services- serviceaccounts- resourcequotas- replicationcontrollers- limitranges- persistentvolumeclaims- persistentvolumes- namespaces- endpointsverbs:- list- watch- apiGroups:- appsresources:- statefulsets- daemonsets- deployments- replicasetsverbs:- list- watch- apiGroups:- batchresources:- cronjobs- jobsverbs:- list- watch- apiGroups:- autoscalingresources:- horizontalpodautoscalersverbs:- list- watch- apiGroups:- authentication.k8s.ioresources:- tokenreviewsverbs:- create- apiGroups:- authorization.k8s.ioresources:- subjectaccessreviewsverbs:- create- apiGroups:- policyresources:- poddisruptionbudgetsverbs:- list- watch- apiGroups:- certificates.k8s.ioresources:- certificatesigningrequestsverbs:- list- watch- apiGroups:- storage.k8s.ioresources:- storageclasses- volumeattachmentsverbs:- list- watch- apiGroups:- admissionregistration.k8s.ioresources:- mutatingwebhookconfigurations- validatingwebhookconfigurationsverbs:- list- watch- apiGroups:- networking.k8s.ioresources:- networkpolicies- ingressesverbs:- list- watch- apiGroups:- coordination.k8s.ioresources:- leasesverbs:- list- watch- apiGroups:- rbac.authorization.k8s.ioresources:- clusterrolebindings- clusterroles- rolebindings- rolesverbs:- list- watch---kind: Rolemetadata:name: tke-kube-state-metricsnamespace: kube-systemrules:- apiGroups:- ""resources:- podsverbs:- get- apiGroups:- appsresourceNames:- tke-kube-state-metricsresources:- statefulsetsverbs:- get
tke-node-exporter
Component Overview
tke-node-exporter uses the open-source project node_exporter, deployed on each node in the cluster to collect hardware and Unix-like operating system metrics.
Resources Deployed in the Cluster
Namespace | Kubernetes Object Name | Type | Resource Amount | Description |
kube-system | tke-node-exporter | DaemonSet | 0.1C180Mi*node amount | Collection program |
kube-system | tke-node-exporter | Service | - | Collection program corresponding service, for service discovery use |
kube-system | tke-node-exporter | ServiceMonitor | - | Collection configuration |
Component Permission Description
This component does not use any cluster permissions.
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No