victoriaMetrics無法獲取抓取target的問題

victoriaMetrics無法獲取抓取target的問題

問題描述

最近在新環境中部署了一個服務,其暴露的指標路徑爲:10299/metrics,配置文件如下(名稱字段有修改):

apiVersion: v1
items:
- apiVersion: operator.victoriametrics.com/v1beta1
  kind: VMServiceScrape
  metadata:
    labels:
      app_id: audit
    name: audit
    namespace: default
  spec:
    endpoints:
    - path: /metrics
      targetPort: 10299
    namespaceSelector:
      matchNames:
      - default
    selector:
      matchLabels:
        app_id: audit

但在vmagent上查看其狀態如下,vmagent無法發現該target:

一般排查方式

  1. 確保服務本身沒問題,可以通過${podIp}:10299/metrics訪問到指標
  2. 確保vmservicescrape-->service-->enpoints鏈路是通的,即配置的selector字段能夠正確匹配到對應的資源
  3. 確保vmservicescrape格式正確。注:vmservicescrape資源格式不正確可能會導致vmagent無法加載配置,可以通過第5點檢測到
  4. 確保vmagent中允許發現該命名空間中的target
  5. 在vmagent的UI界面執行reload,查看vmagent的日誌是否有相關錯誤提示

經過排查發現上述方式均無法解決問題,更奇怪的是在vmagent的api/v1/targets中無法找到該target,說明vmagent壓根沒有發現該服務,即vmservicescrape配置沒有生效。在vmagent中查看上述vmservicescrape生成的配置文件如下(其拼接了靜態配置),可以看到它使用了kubernetes_sd_configs的方式來發現target:

- job_name: serviceScrape/default/audit/0
  metrics_path: /metrics
  relabel_configs:
  - source_labels: [__meta_kubernetes_service_label_app_id]
    regex: audit
    action: keep
  - source_labels: [__meta_kubernetes_pod_container_port_number]
    regex: "10299"
    action: keep
  - source_labels: [__meta_kubernetes_endpoint_address_target_kind, __meta_kubernetes_endpoint_address_target_name]
    separator: ;
    target_label: node
    regex: Node;(.*)
    replacement: ${1}
  - source_labels: [__meta_kubernetes_endpoint_address_target_kind, __meta_kubernetes_endpoint_address_target_name]
    separator: ;
    target_label: pod
    regex: Pod;(.*)
    replacement: ${1}
  - source_labels: [__meta_kubernetes_pod_name]
    target_label: pod
  - source_labels: [__meta_kubernetes_pod_container_name]
    target_label: container
  - source_labels: [__meta_kubernetes_namespace]
    target_label: namespace
  - source_labels: [__meta_kubernetes_service_name]
    target_label: service
  - source_labels: [__meta_kubernetes_service_name]
    target_label: job
    replacement: ${1}
  - target_label: endpoint
    replacement: "8080"
  kubernetes_sd_configs:
  - role: endpoints
    namespaces:
      own_namespace: false
      names:
      - default

代碼分析

既然配置沒有問題,那隻能通過victoriametrics的kubernetes_sd_configs的運作方式看下到底是哪裏出問題了。在victoriametrics的源碼可以看到其拼接的target url如下:

scrapeURL := fmt.Sprintf("%s://%s%s%s%s", schemeRelabeled, addressRelabeled, metricsPathRelabeled, optionalQuestion, paramsStr)

其中:

  • schemeRelabeled:默認是http
  • metricsPathRelabeled:即生成的配置文件的metrics_path字段
  • optionalQuestionparamsStr沒有配置,可以忽略

最主要的字段就是addressRelabeled,它來自一個名爲"__address__"的標籤

func mergeLabels(swc *scrapeWorkConfig, target string, extraLabels, metaLabels map[string]string) []prompbmarshal.Label {
	...
	m["job"] = swc.jobName
	m["__address__"] = target
	m["__scheme__"] = swc.scheme
	m["__metrics_path__"] = swc.metricsPath
	m["__scrape_interval__"] = swc.scrapeInterval.String()
	m["__scrape_timeout__"] = swc.scrapeTimeout.String()
	...
}

繼續跟蹤代碼,可以看到該標籤是通過sc.KubernetesSDConfigs[i].MustStart獲取到的,從KubernetesSDConfigs的名稱上看,它就是負責處理kubernetes_sd_configs機制的:

func (sc *ScrapeConfig) mustStart(baseDir string) {
	swosFunc := func(metaLabels map[string]string) interface{} {
		target := metaLabels["__address__"]
		sw, err := sc.swc.getScrapeWork(target, nil, metaLabels)
		if err != nil {
			logger.Errorf("cannot create kubernetes_sd_config target %q for job_name %q: %s", target, sc.swc.jobName, err)
			return nil
		}
		return sw
	}
	for i := range sc.KubernetesSDConfigs {
		sc.KubernetesSDConfigs[i].MustStart(baseDir, swosFunc)
	}
}

繼續往下看,看看這個"__address__"字段到底是什麼,函數調用如下:

MustStart --> cfg.aw.mustStart --> aw.gw.startWatchersForRole --> uw.reloadScrapeWorksForAPIWatchersLocked --> o.getTargetLabels

最後一個函數getTargetLabels是個接口方法

type object interface {
	key() string

	// getTargetLabels must be called under gw.mu lock.
	getTargetLabels(gw *groupWatcher) []map[string]string
}

getTargetLabels的實現如下,這就是kubernetes_sd_configs的各個role的具體實現。上述服務用到的是kubernetes_sd_configsrole爲endpoints

實現如下:

func (eps *Endpoints) getTargetLabels(gw *groupWatcher) []map[string]string {
	var svc *Service
	if o := gw.getObjectByRoleLocked("service", eps.Metadata.Namespace, eps.Metadata.Name); o != nil {
		svc = o.(*Service)
	}
	podPortsSeen := make(map[*Pod][]int)
	var ms []map[string]string
	for _, ess := range eps.Subsets {
		for _, epp := range ess.Ports {
			ms = appendEndpointLabelsForAddresses(ms, gw, podPortsSeen, eps, ess.Addresses, epp, svc, "true")
			ms = appendEndpointLabelsForAddresses(ms, gw, podPortsSeen, eps, ess.NotReadyAddresses, epp, svc, "false")
		}
	}
	// See https://kubernetes.io/docs/reference/labels-annotations-taints/#endpoints-kubernetes-io-over-capacity
	// and https://github.com/kubernetes/kubernetes/pull/99975
	switch eps.Metadata.Annotations.GetByName("endpoints.kubernetes.io/over-capacity") {
	case "truncated":
		logger.Warnf(`the number of targets for "role: endpoints" %q exceeds 1000 and has been truncated; please use "role: endpointslice" instead`, eps.Metadata.key())
	case "warning":
		logger.Warnf(`the number of targets for "role: endpoints" %q exceeds 1000 and will be truncated in the next k8s releases; please use "role: endpointslice" instead`, eps.Metadata.key())
	}

	// Append labels for skipped ports on seen pods.
	portSeen := func(port int, ports []int) bool {
		for _, p := range ports {
			if p == port {
				return true
			}
		}
		return false
	}
	for p, ports := range podPortsSeen {
		for _, c := range p.Spec.Containers {
			for _, cp := range c.Ports {
				if portSeen(cp.ContainerPort, ports) {
					continue
				}
				addr := discoveryutils.JoinHostPort(p.Status.PodIP, cp.ContainerPort)
				m := map[string]string{
					"__address__": addr,
				}
				p.appendCommonLabels(m)
				p.appendContainerLabels(m, c, &cp)
				if svc != nil {
					svc.appendCommonLabels(m)
				}
				ms = append(ms, m)
			}
		}
	}
	return ms
}

可以看到,"__address__"其實就是拼接了p.Status.PodIPcp.ContainerPort,而p則代表一個kubernetes的pod數據結構,因此要求:

  1. pod狀態是running的,且能夠正確分配到PodIP
  2. p.Spec.Containers[].ports[].ContainerPort中配置了暴露metrics target的端口

問題解決

鑑於上述分析,查看了一下環境中的deployment,發現該deployment只配置了8080端口,並沒有配置暴露指標的端口10299。問題解決。

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app_id: audit
  name: audit
  namespace: default
spec:
  ...
  template:
    metadata:
      ...
    spec:
      containers:
      - env:
        - name: APP_ID
          value: audit
        ports:
        - containerPort: 8080
          protocol: TCP
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章