tencent cloud

PrevNext

Feedback

search by keyword

Recent Pages

Documentation
Tencent Cloud Observability Platform
    Documentation
    Download PDF

    Instructions for Installing Components in the TKE Cluster

    Last updated: 2024-07-23 18:11:09
    Download PDF

      Overview

      This document describes the features, use permissions, and resource consumption of various components installed in the user's TKE cluster during the TKE Integration process of TMP.

      proxy-agent

      Component Overview

      The TKE cluster has independent network environment. Therefore, the proxy-agent is deployed within the cluster to provide access proxies for collection components outside the cluster. On one hand, external collection components discover resources within the cluster through the proxy-agent service; on the other hand, they scrape metrics through the proxy-agent and write them to the time series storage of the Prometheus instance.

      Resource Objects Deployed in the Cluster

      Namespace
      Kubernetes Object Name
      Type
      Resource Amount
      Description
      <Prometheus instance ID>
      proxy-agent
      Deployment
      0.25C256Mi*2
      Collection proxy
      <Prometheus instance ID>
      <Prometheus instance ID>
      ServiceAccount
      -
      Permission carrier
      -
      <Prometheus instance ID>
      ClusterRole
      -
      Collection permissions related
      -
      <Prometheus instance ID>-crb
      ClusterRoleBinding
      -
      Collection permissions related

      Component Permission Description

      Permission Scenarios

      Feature
      Involved Objects
      Involved Operation Permissions
      Collection configuration management
      scrapeconfigs,servicemonitors,podmonitors,probes,configmaps,secrets,namespaces
      get/list/watch
      Service discovery
      services,endpoints,nodes,pods,ingresses
      get/list/watch
      Scraping some system component metrics
      nodes/metrics,nodes/proxy,pods/proxy
      get/list/watch
      Scraping metrics with RBAC authentication
      /metrics,/metrics/cadvisor
      get

      Permission Definition

      apiVersion: rbac.authorization.k8s.io/v1
      kind: ClusterRole
      metadata:
        name: prom-instance
      rules:
        - apiGroups:
            - monitoring.coreos.com
          resources:
            - scrapeconfigs
            - servicemonitors
            - podmonitors
            - probes
            - prometheuses
            - prometheusrules
          verbs:
            - get
            - list
            - watch
        - apiGroups:
            - ""
          resources:
            - namespaces
            - configmaps
            - secrets
            - nodes
            - services
            - endpoints
            - pods
          verbs:
            - get
            - list
            - watch
        - apiGroups:
            - networking.k8s.io
          resources:
            - ingresses
          verbs:
            - get
            - list
            - watch
        - apiGroups: [ "" ]
          resources:
            - nodes/metrics
            - nodes/proxy
            - pods/proxy
          verbs:
            - get
            - list
            - watch
        - nonResourceURLs: [ "/metrics", "/metrics/cadvisor" ]
          verbs:
            - get

      tke-kube-state-metrics

      Component Overview

      tke-kube-state-metrics uses the open-source component kube-state-metrics, listens to the cluster's API server, and generates status metrics for various objects within the cluster.

      Resource Objects Deployed in the Cluster

      Namespace
      Kubernetes Object Name
      Type
      Resource Amount
      Description
      kube-system
      tke-kube-state-metrics
      Statefulset
      0.5C512Mi
      Collection program
      kube-system
      tke-kube-state-metrics
      ServiceAccount
      -
      Permission carrier
      -
      tke-kube-state-metrics
      ClusterRole
      -
      Collection permissions related
      -
      tke-kube-state-metrics
      ClusterRoleBinding
      -
      Collection permissions related
      kube-system
      tke-kube-state-metrics
      Service
      -
      Collection agent corresponding service, for service discovery use
      kube-system
      tke-kube-state-metrics
      ServiceMonitor
      -
      Collection configuration
      kube-system
      tke-kube-state-metrics
      Role
      -
      Shard collection permission related
      kube-system
      tke-kube-state-metrics
      RoleBinding
      -
      Shard collection permission related

      Component Permission Description

      Permission Scenarios

      Feature
      Involved Objects
      Involved Operation Permissions
      Listening to the status of various resources in the cluster
      Most Kubernetes resources
      list/watch
      Get the shard number of the collection pod
      statefulsets, pods
      get

      Permission Definition

      apiVersion: rbac.authorization.k8s.io/v1
      kind: ClusterRole
      metadata:
        name: tke-kube-state-metrics
      rules:
        - apiGroups:
            - ""
          resources:
            - configmaps
            - secrets
            - nodes
            - pods
            - services
            - serviceaccounts
            - resourcequotas
            - replicationcontrollers
            - limitranges
            - persistentvolumeclaims
            - persistentvolumes
            - namespaces
            - endpoints
          verbs:
            - list
            - watch
        - apiGroups:
            - apps
          resources:
            - statefulsets
            - daemonsets
            - deployments
            - replicasets
          verbs:
            - list
            - watch
        - apiGroups:
            - batch
          resources:
            - cronjobs
            - jobs
          verbs:
            - list
            - watch
        - apiGroups:
            - autoscaling
          resources:
            - horizontalpodautoscalers
          verbs:
            - list
            - watch
        - apiGroups:
            - authentication.k8s.io
          resources:
            - tokenreviews
          verbs:
            - create
        - apiGroups:
            - authorization.k8s.io
          resources:
            - subjectaccessreviews
          verbs:
            - create
        - apiGroups:
            - policy
          resources:
            - poddisruptionbudgets
          verbs:
            - list
            - watch
        - apiGroups:
            - certificates.k8s.io
          resources:
            - certificatesigningrequests
          verbs:
            - list
            - watch
        - apiGroups:
            - storage.k8s.io
          resources:
            - storageclasses
            - volumeattachments
          verbs:
            - list
            - watch
        - apiGroups:
            - admissionregistration.k8s.io
          resources:
            - mutatingwebhookconfigurations
            - validatingwebhookconfigurations
          verbs:
            - list
            - watch
        - apiGroups:
            - networking.k8s.io
          resources:
            - networkpolicies
            - ingresses
          verbs:
            - list
            - watch
        - apiGroups:
            - coordination.k8s.io
          resources:
            - leases
          verbs:
            - list
            - watch
        - apiGroups:
            - rbac.authorization.k8s.io
          resources:
            - clusterrolebindings
            - clusterroles
            - rolebindings
            - roles
          verbs:
            - list
            - watch
      ---
      kind: Role
      metadata:
        name: tke-kube-state-metrics
        namespace: kube-system
      rules:
        - apiGroups:
            - ""
          resources:
            - pods
          verbs:
            - get
        - apiGroups:
            - apps
          resourceNames:
            - tke-kube-state-metrics
          resources:
            - statefulsets
          verbs:
            - get
      

      tke-node-exporter

      Component Overview

      tke-node-exporter uses the open-source project node_exporter, deployed on each node in the cluster to collect hardware and Unix-like operating system metrics.

      Resources Deployed in the Cluster

      Namespace
      Kubernetes Object Name
      Type
      Resource Amount
      Description
      kube-system
      tke-node-exporter
      DaemonSet
      0.1C180Mi*node amount
      Collection program
      kube-system
      tke-node-exporter
      Service
      -
      Collection program corresponding service, for service discovery use
      kube-system
      tke-node-exporter
      ServiceMonitor
      -
      Collection configuration

      Component Permission Description

      This component does not use any cluster permissions.
      Contact Us

      Contact our sales team or business advisors to help your business.

      Contact Us
      Technical Support

      Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

      Submit a Ticket
      7x24 Phone Support
      Copyright © 2013-2024 Tencent Cloud. All Rights Reserved.
      Privacy PolicyLegalCookie Policy