Iptables

iptables monitoring with Grafana (Not Completed)
  • kkumtree

2024-09-29T13:35:13+09:00

iptables๋ฅผ ์ˆ˜์ง‘ํ•˜์—ฌ Grafana๋กœ ํ‘œํ˜„ํ•˜๋Š” ๋ฐฉ๋ฒ•์„ ์•Œ์•„๋ด…๋‹ˆ๋‹ค.

CloudNet@์—์„œ ์ง„ํ–‰ํ•˜๊ณ  ์žˆ๋Š” K8s Advanced Network Study(์ดํ•˜, KANS)๋ฅผ ํ†ตํ•ด ํ•™์Šตํ•œ ๋‚ด์šฉ์„ ์ •๋ฆฌํ•ฉ๋‹ˆ๋‹ค.

0. ํ™˜๊ฒฝ ๊ตฌ์„ฑ (kind)

์ž‘์„ฑ์‹œ๊ฐ„ ์ด์Šˆ๋กœ featureGates, ConfigPatches, networking ์„ค์ • ์„ค๋ช…์€ ์Šคํ‚ต…ํ•ฉ๋‹ˆ๋‹ค.

a. 1 Master, 3 Slave ํ™˜๊ฒฝ ๊ตฌ์„ฑ

cat <<EOT> kind-svc-1w.yaml
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
featureGates:
  "InPlacePodVerticalScaling": true
  "MultiCIDRServiceAllocator": true
nodes:
- role: control-plane
  labels:
    mynode: control-plane
    topology.kubernetes.io/zone: ap-northeast-2a
  extraPortMappings:
  - containerPort: 30000
    hostPort: 30000
  - containerPort: 30001
    hostPort: 30001
  - containerPort: 30002
    hostPort: 30002
  kubeadmConfigPatches:
  - |
    kind: ClusterConfiguration
    apiServer:
      extraArgs:
        runtime-config: api/all=true
    controllerManager:
      extraArgs:
        bind-address: 0.0.0.0
    etcd:
      local:
        extraArgs:
          listen-metrics-urls: http://0.0.0.0:2381
    scheduler:
      extraArgs:
        bind-address: 0.0.0.0
  - |
    kind: KubeProxyConfiguration
    metricsBindAddress: 0.0.0.0
- role: worker
  labels:
    mynode: worker1
    topology.kubernetes.io/zone: ap-northeast-2a
- role: worker
  labels:
    mynode: worker2
    topology.kubernetes.io/zone: ap-northeast-2b
- role: worker
  labels:
    mynode: worker3
    topology.kubernetes.io/zone: ap-northeast-2c
networking:
  podSubnet: 10.10.0.0/16
  serviceSubnet: 10.200.1.0/24
EOT

kind create cluster --config kind-svc-1w.yaml --name myk8s --image kindest/node:v1.31.0

b. ๊ธฐ๋ณธ ํˆด ์„ค์น˜

docker exec -it myk8s-control-plane sh -c 'apt update && apt install tree psmisc lsof wget bsdmainutils bridge-utils net-tools ipset ipvsadm nfacct tcpdump ngrep iputils-ping arping git vim arp-scan -y'

1. prometheus stack ์„ค์น˜ (helm)

a. repository ์ถ”๊ฐ€ ๋ฐ ๊ตฌ์„ฑ

helm repo add prometheus-community https://prometheus-community.github.io/helm-charts

cat <<EOT > monitor-values.yaml
prometheus:
  prometheusSpec:
    podMonitorSelectorNilUsesHelmValues: false
    serviceMonitorSelectorNilUsesHelmValues: false
    nodeSelector:
      mynode: control-plane
    tolerations:
    - key: "node-role.kubernetes.io/control-plane"
      operator: "Equal"
      effect: "NoSchedule"


grafana:
  defaultDashboardsTimezone: Asia/Tokyo
  adminPassword: kans7969

  service:
    type: NodePort
    nodePort: 30002
  nodeSelector:
    mynode: control-plane
  tolerations:
  - key: "node-role.kubernetes.io/control-plane"
    operator: "Equal"
    effect: "NoSchedule"

defaultRules:
  create: false
alertmanager:
  enabled: false

EOT

b. ์„ค์น˜

kubectl create ns monitoring
helm install kube-prometheus-stack prometheus-community/kube-prometheus-stack --version 62.3.0 -f monitor-values.yaml --namespace monitoring

c. prometheus ์ฝ˜์†” ์ ‘์†

์ƒˆ๋กœ์šด ํ„ฐ๋ฏธ๋„์„ ์—ด์–ด, port-forwarding์„ ํ†ตํ•ด ์ ‘์†ํ•ฉ๋‹ˆ๋‹ค.

kkumtree

Source code on GitHub

ยฉ 2025 kkumtree and contributors All rights reserved.
Licensed under
CC BY-NC-ND 4.0