bitnamicharts/prometheus Docker 镜像 - 轩辕镜像

Bitnami Secure Images Helm chart for Prometheus

Prometheus is an open source monitoring and alerting system. It enables sysadmins to monitor their infrastructures by collecting metrics from configured targets at given intervals.

Overview of Prometheus

Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement.

TL;DR

console
helm install my-release oci://registry-1.docker.io/bitnamicharts/prometheus

Why use Bitnami Secure Images?

Those are hardened, minimal CVE images built and maintained by Bitnami. Bitnami Secure Images are based on the cloud-optimized, security-hardened enterprise OS Photon Linux. Why choose BSI images?

• Hardened secure images of popular open source software with Near-Zero Vulnerabilities
• Vulnerability Triage & Prioritization with VEX Statements, KEV and EPSS Scores
• Compliance focus with FIPS, STIG, and air-gap options, including secure bill of materials (SBOM)
• Software supply chain provenance attestation through in-toto
• First class support for the internet’s favorite Helm charts

Each image comes with valuable security metadata. You can view the metadata in our public catalog here. Note: Some data is only available with commercial subscriptions to BSI.

!Alt text !Alt text

If you are looking for our previous generation of images based on Debian Linux, please see the Bitnami Legacy registry.

Introduction

Bitnami charts for Helm are carefully engineered, actively maintained and are the quickest and easiest way to deploy containers on a Kubernetes cluster that are ready to handle production workloads.

This chart bootstraps a Prometheus Deployment in a Kubernetes cluster using the Helm package manager.

Prerequisites

• Kubernetes 1.23+
• Helm 3.8.0+
• PV provisioner support in the underlying infrastructure
• ReadWriteMany volumes for deployment scaling

Installing the Chart

To install the chart with the release name my-release:

console
helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/prometheus

Note: You need to substitute the placeholders REGISTRY_NAME and REPOSITORY_NAME with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use REGISTRY_NAME=registry-1.docker.io and REPOSITORY_NAME=bitnamicharts.

The command deploys Prometheus on the Kubernetes cluster in the default configuration. The Parameters section lists the parameters that can be configured during installation.

Tip: List all releases using helm list

Configuration and installation details

Resource requests and limits

Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the resources value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case.

To make this process easier, the chart contains the resourcesPreset values, which automatically sets the resources section according to different presets. Check these presets in the bitnami/common chart. However, in production workloads using resourcesPreset is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the official Kubernetes documentation.

Rolling VS Immutable tags

It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.

Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.

Deploy extra resources

There are cases where you may want to deploy extra objects, such a ConfigMap containing your app's configuration or some extra deployment with a micro service used by your app. For covering this case, the chart allows adding the full specification of other objects using the extraDeploy parameter.

Backup and restore

To back up and restore Helm chart deployments on Kubernetes, you need to back up the persistent volumes from the source deployment and attach them to a new deployment using Velero, a Kubernetes backup/restore tool. Find the instructions for using Velero in this guide.

Setting Pod's affinity

This chart allows you to set your custom affinity using the XXX.affinity parameter(s). Find more information about Pod's affinity in the kubernetes documentation.

As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the bitnami/common chart. To do so, set the XXX.podAffinityPreset, XXX.podAntiAffinityPreset, or XXX.nodeAffinityPreset parameters.

Integrate Prometheus and Alertmanager with Thanos

You can integrate Prometheus & Alertmanager with Thanos using this chart and the Bitnami Thanos chart following the steps below:

Note: in this example we will use MinIO® (subchart) as the Objstore. Every component will be deployed in the "monitoring" namespace.

• Create a values.yaml like the one below for Thanos:

yaml
objstoreConfig: |-
  type: s3
  config:
    bucket: thanos
    endpoint: {{ include "thanos.minio.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local:9000
    access_key: minio
    secret_key: minio123
    insecure: true
query:
  dnsDiscovery:
    sidecarsService: prometheus-thanos
    sidecarsNamespace: monitoring
bucketweb:
  enabled: true
compactor:
  enabled: true
storegateway:
  enabled: true
ruler:
  enabled: true
  alertmanagers:
    - [***]
  config: |-
    groups:
      - name: "metamonitoring"
        rules:
          - alert: "PrometheusDown"
            expr: absent(up{prometheus="monitoring/prometheus"})
metrics:
  enabled: true
  serviceMonitor:
    enabled: true
minio:
  enabled: true
  auth:
    rootPassword: minio123
    rootUser: minio
  monitoringBuckets: thanos
  accessKey:
    password: minio
  secretKey:
    password: minio123

• Install Prometheus and Thanos charts:

For Helm 3:

console
kubectl create namespace monitoring
helm install prometheus \
    --set prometheus.thanos.create=true \
    --namespace monitoring \
    oci://REGISTRY_NAME/REPOSITORY_NAME/prometheus
helm install thanos \
    --values values.yaml \
    --namespace monitoring \
    oci://REGISTRY_NAME/REPOSITORY_NAME/thanos

Note: You need to substitute the placeholders REGISTRY_NAME and REPOSITORY_NAME with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use REGISTRY_NAME=registry-1.docker.io and REPOSITORY_NAME=bitnamicharts.

That's all! Now you have Thanos fully integrated with Prometheus and Alertmanager.

Integrate Prometheus with Grafana Mimir

You can integrate Prometheus with Grafana Mimir using this chart and the Bitnami Grafana Mimir chart adding a remoteWrite entry:

• Create a values.yaml like the one below for Prometheus:

yaml
server:
  remoteWrite:
    - url: [***]
      headers:
        X-Scope-OrgID: demo

• Install Prometheus and Grafana Mimir charts:

For Helm 3:

console
kubectl create namespace monitoring
helm install prometheus \
    --values values.yaml \
    --namespace monitoring \
    oci://REGISTRY_NAME/REPOSITORY_NAME/prometheus
helm install grafana-mimir \
    oci://REGISTRY_NAME/REPOSITORY_NAME/grafana-mimir

Note: You need to substitute the placeholders REGISTRY_NAME and REPOSITORY_NAME with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use REGISTRY_NAME=registry-1.docker.io and REPOSITORY_NAME=bitnamicharts.

That's all! Now you have Prometheus integrated with Grafana Mimir.

Integrate Prometheus with Grafana

You can integrate Prometheus with Grafana Dashboard using this chart and the Bitnami Grafana chart just adding the prometheus datasources:

• Create a values.yaml like the one below for Grafana:

yaml
datasources:
  secretDefinition:
    apiVersion: 1
    datasources:
      - name: Prometheus
        type: prometheus
        access: proxy
        orgId: 1
        url: [***]
        version: 1
        editable: true
        isDefault: true
      - name: Alertmanager
        uid: alertmanager
        type: alertmanager
        access: proxy
        orgId: 1
        url: [***]
        version: 1
        editable: true

• Install Prometheus and Grafana charts:

For Helm 3:

console
kubectl create namespace monitoring
helm install prometheus \
    --namespace monitoring \
    oci://REGISTRY_NAME/REPOSITORY_NAME/prometheus
helm install grafana \
    --values values.yaml \
    --namespace monitoring \
    oci://REGISTRY_NAME/REPOSITORY_NAME/grafana

Note: You need to substitute the placeholders REGISTRY_NAME and REPOSITORY_NAME with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use REGISTRY_NAME=registry-1.docker.io and REPOSITORY_NAME=bitnamicharts.

How to add new targets

By default this helm chart will monitor its own targets: prometheus and alertmanager. Additional ones can be added setting a list with the scrape_configs in the value server.extraScrapeConfigs. Here there is a simple example for wordpress (deployed in the default namespace):

yaml
server:
  extraScrapeConfigs:
    - job_name: wordpress
      kubernetes_sd_configs:
        - role: endpoints
          namespaces:
            names:
            - default
      metrics_path: /metrics
      relabel_configs:
        - source_labels:
            - job
          target_label: __tmp_wordpress_job_name
        - action: keep
          source_labels:
            - __meta_kubernetes_service_label_app_kubernetes_io_instance
            - __meta_kubernetes_service_labelpresent_app_kubernetes_io_instance
          regex: (wordpress);true
        - action: keep
          source_labels:
            - __meta_kubernetes_service_label_app_kubernetes_io_name
            - __meta_kubernetes_service_labelpresent_app_kubernetes_io_name
          regex: (wordpress);true
        - action: keep
          source_labels:
            - __meta_kubernetes_endpoint_port_name
          regex: metrics
        - source_labels:
            - __meta_kubernetes_endpoint_address_target_kind
            - __meta_kubernetes_endpoint_address_target_name
          separator: ;
          regex: Node;(.*)
          replacement: ${1}
          target_label: node
        - source_labels:
            - __meta_kubernetes_endpoint_address_target_kind
            - __meta_kubernetes_endpoint_address_target_name
          separator: ;
          regex: Pod;(.*)
          replacement: ${1}
          target_label: pod
        - source_labels:
            - __meta_kubernetes_namespace
          target_label: namespace
        - source_labels:
            - __meta_kubernetes_service_name
          target_label: service
        - source_labels:
            - __meta_kubernetes_pod_name
          target_label: pod
        - source_labels:
            - __meta_kubernetes_pod_container_name
          target_label: container
        - action: drop
          source_labels:
            - __meta_kubernetes_pod_phase
          regex: (Failed|Succeeded)
        - source_labels:
            - __meta_kubernetes_service_name
          target_label: job
          replacement: ${1}
        - target_label: endpoint
          replacement: metrics
        - source_labels:
            - __address__
          target_label: __tmp_hash
          modulus: 1
          action: hashmod
        - source_labels:
            - __tmp_hash
          regex: 0
          action: keep

Parameters

Global parameters

Common parameters

Alertmanager Parameters

_Note: the README for this chart is longer than the DockerHub length limit of 25000, so it has been trimmed. The full README can be found at [***]