标签:
想使用node_exporter
监控,但端口不想暴露在公网(开启 ufw),如果想让prometheus
容器访问宿主机localhost:9100
应该怎么做
-
prometheus
容器的 docker 初始化代码:docker run -d -p 127.0.0.1:9090:9090 \ # 不暴露在公网不能改 -v /storage/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml \ --restart=always \ --name=prometheus \ --net=prometheus-bridge \ # 不能改, 因为有很多容器都在这个网桥内 --ip 172.18.0.2 \ # 不能改 prom/prometheus
-
这个是
node_exporter
的代码,本来也加上了prometheus-bridge
, 但这样就无法监控宿主机网络流量了 如果想监控宿主机网络流量必须使用network_mode:host
但是host
无法与bridge
一起用(默认端口0.0.0.0:9100
)version: '3.8' services: node_exporter: image: quay.io/prometheus/node-exporter:latest container_name: node_exporter command: - '--path.rootfs=/host' network_mode: host pid: host restart: unless-stopped volumes: - '/:/host:ro,rslave'
-
/storage/prometheus/prometheus.yml
这是当前的配置文件,不想把node_exporter
暴露在公网 使用了ufw enable
防止外部访问- job_name: node-exporter static_configs: - targets: ['公网 IP:9100'] # 这个是当前的配置文件用的公网,想改成内网访问
-
尝试过使用
host.docker.internal:9100
但是开了防火墙后无法访问?
容器内部要想使用宿主机的服务器,可以使用 host.docker.internal:host-gateway 映射的方式来解决:
1. 命令行启动
--add-host=host.docker.internal:host-gateway
2. compose file (注意,在 build 时不支持)
extra_hosts:
- "host.docker.internal:host-gateway"
3. 在容器内可以通过 host.docker.internal 来访问宿主机的 127.0.0.1
prometheus 配置:
```
docker run -d -p 127.0.0.1:9090:9090 \
-v /storage/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml \
--add-host=host.docker.internal:host-gateway \
--restart=always \
--name=prometheus \
--net=prometheus-bridge \
--ip 172.18.0.2 \
prom/prometheus
```
node_exporter 配置:
```
version: '3.8'
services:
node_exporter:
image: quay.io/prometheus/node-exporter:latest
container_name: node_exporter
command:
- '--path.rootfs=/host'
network_mode: host
pid: host
restart: unless-stopped
volumes:
- '/:/host:ro,rslave'
```
网桥信息:
```
root@it7:~# docker inspect prometheus-bridge
[
{
"Name": "prometheus-bridge",
"Id": "9db3ba11ccefb523a85ef3713777c780c49f0bf64f6065dd7bbd0d77d45da612",
"Created": "2024-05-17T15:56:49.735352162+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.18.0.0/24",
"Gateway": "172.18.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"028e10760ce3a47680d4b9b0c7bce38ecfb7e8588be860d5523ab93dcbc8b5ae": {
"Name": "prometheus",
"EndpointID": "c5675e399cf1e0fe1e843a9995e31836ab21de23db25c8bfdd54ba9197d28405",
"MacAddress": "02:42:ac:12:00:02",
"IPv4Address": "172.18.0.2/24",
"IPv6Address": ""
},
"29b6830a07165ac45fb176e48a14b4b31e4f1925c9b580c4528c836a5978dd3c": {
"Name": "xxx",
"EndpointID": "52acddb87f3515af70c39d38784dbef7dd0506ce94881410cddfdbdea04bb6f5",
"MacAddress": "02:42:ac:12:00:04",
"IPv4Address": "172.18.0.4/24",
"IPv6Address": ""
},
"70edf1712821c9efd62dbb57f15f78329923409ac874157bc07b547535062478": {
"Name": "xxx",
"EndpointID": "dd32442417a928a22477c587dc9cecebb6162ee1b93b748310e57109f341ebca",
"MacAddress": "02:42:ac:12:00:03",
"IPv4Address": "172.18.0.3/24",
"IPv6Address": ""
},
"eddd3efc96103784a7a5e961b988d56503131eefdd934657532441edf75b15d7": {
"Name": "xxx",
"EndpointID": "255eb88cb2e8706383f4aabc4d7be8de7cc9916929ddb71480b541d4c4399a5e",
"MacAddress": "02:42:ac:12:00:05",
"IPv4Address": "172.18.0.5/24",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]
```
docker 版本:
```
root@it7:~# docker version
Client: Docker Engine - Community
Version: 26.1.3
API version: 1.45
Go version: go1.21.10
Git commit: b72abbb
Built: Thu May 16 08:33:29 2024
OS/Arch: linux/amd64
Context: default
Server: Docker Engine - Community
Engine:
Version: 26.1.3
API version: 1.45 (minimum version 1.24)
Go version: go1.21.10
Git commit: 8e96db1
Built: Thu May 16 08:33:29 2024
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.6.31
GitCommit: e377cd56a71523140ca6ae87e30244719194a521
runc:
Version: 1.1.12
GitCommit: v1.1.12-0-g51d5e94
docker-init:
Version: 0.19.0
GitCommit: de40ad0
root@it7:~#
```
标签: 来源:
本站声明: 1. iCode9 技术分享网(下文简称本站)提供的所有内容,仅供技术学习、探讨和分享; 2. 关于本站的所有留言、评论、转载及引用,纯属内容发起人的个人观点,与本站观点和立场无关; 3. 关于本站的所有言论和文字,纯属内容发起人的个人观点,与本站观点和立场无关; 4. 本站文章均是网友提供,不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属;如您发现该文章侵犯了您的权益,可联系我们第一时间进行删除; 5. 本站为非盈利性的个人网站,所有内容不会用来进行牟利,也不会利用任何形式的广告来间接获益,纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。