OpenLdap-Exporter Docker镜像制作
Dockerfile已上传GitHub
Dockerfile
FROM golang:alpine3.16
WORKDIR /opt/
ENV LC_ALL en_US.utf8
ENV EXPORTER_VERSION=v2.2.2
RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories \
&& apk add gcc g++ make libffi-dev openssl-dev libtool git
RUN go env -w GOPROXY=https://goproxy.cn,direct \
&& git clone -b $EXPORTER_VERSION https://github.com/tomcz/openldap_exporter.git \
&& cd /opt/openldap_exporter \
&& make
FROM alpine:3.16.2
WORKDIR /opt/
COPY --from=0 /opt/openldap_exporter/target/openldap_exporter .
EXPOSE 9330
ENTRYPOINT ["./openldap_exporter"]
构建镜像
TAG="handsomexu/openldap-exporter:v2.2.2"
docker build -t ${TAG} .
已推送DockerHub,可以直接使用我构建好的 docker pull handsomexu/openldap-exporter:v2.2.2
部署到k8s集群,并接入prometheus operator
如果ldap server也是pod运行可以和ldap server以sidecar模式运行, 我这里使用独立pod
---
apiVersion: v1
kind: Secret
metadata:
name: openldap-exporter-secret
namespace: monitoring
type: Opaque
data:
# echo -n 'password' | base64 生成
ldapPass: cGFzc3dvcmQ=
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: openldap-exporter
namespace: monitoring
labels:
k8s-app: openldap-exporter
spec:
selector:
matchLabels:
k8s-app: openldap-exporter
strategy:
type: Recreate
replicas: 1
template:
metadata:
labels:
k8s-app: openldap-exporter
spec:
nodeSelector:
kubernetes.io/hostname: 10.22.19.34
dnsPolicy: ClusterFirst
containers:
- name: openldap-exporter
image: handsomexu/openldap-exporter:v2.2.2
imagePullPolicy: IfNotPresent
command: ["/opt/openldap_exporter"]
args: [ "--ldapAddr", "192.168.10.35:30389", "--ldapUser", "cn=root,dc=xuhandsome,dc=com", "--ldapPass", "$(LDAPPASS)" ]
env:
- name: LDAPPASS
valueFrom:
secretKeyRef:
name: openldap-exporter-secret
key: ldapPass
optional: false
resources:
limits:
cpu: 200m
memory: 500Mi
requests:
cpu: 200m
memory: 500Mi
securityContext:
runAsUser: 0
ports:
- name: ldap-exporter
containerPort: 9330
protocol: TCP
livenessProbe:
exec:
command:
- nc
- -zv
- 127.0.0.1
- "9330"
failureThreshold: 3
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
readinessProbe:
exec:
command:
- nc
- -zv
- 127.0.0.1
- "9330"
failureThreshold: 3
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
---
apiVersion: v1
kind: Service
metadata:
labels:
k8s-app: openldap-exporter
name: openldap-exporter
namespace: monitoring
spec:
ports:
- name: metrics
port: 9330
protocol: TCP
targetPort: 9330
selector:
k8s-app: openldap-exporter
type: ClusterIP
# 添加servicemonitor资源
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: openldap-exporter
namespace: monitoring
labels:
app.kubernetes.io/name: openldap-exporter
spec:
endpoints:
- interval: 30s
port: metrics
scheme: http
jobLabel: openldap-exporter
namespaceSelector:
matchNames:
- monitoring
selector:
matchLabels:
k8s-app: openldap-exporter
监控接入效果
访问Prometheus UI可以看到openldap-exporter这个job里已经接进去了我们的target
转载请注明来源, 欢迎对文章中的引用来源进行考证, 欢迎指出任何有错误或不够清晰的表达, 可以邮件至 chinaops666@gmail.com