kubernetes metrics-server
Install with Helm:
Add the repository:
helm repo add metrics-server https://kubernetes-sigs.github.io/metrics-server/
Get the values file and change the image address in it:
helm show values metrics-server/metrics-server > metrics-server-conf.yaml
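Install. After installation, add the --kubelet-insecure-tls option to the metrics-server startup arguments; with it, metrics-server does not verify the kubelets' serving certificates.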
helm install metrics-server metrics-server/metrics-server -n kube-system -f metrics-server-conf.yaml
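1. The master and the nodes must be able to communicate, so flannel has to be installed on the master.
2. Enable the aggregation layer, which is used to extend the apiserver. metrics-server is a third-party component that extends the Kubernetes apiserver; the aggregation layer acts as a proxy through which both native Kubernetes resources and third-party API resources can be reached.
3. Modify the YAML files to match the local environment so that they run.
Deployment
Install flannel: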
yum install flannel -y
Enable the aggregation layer:
--requestheader-client-ca-file=/etc/kubernetes/cert/ca.crt \
--requestheader-allowed-names=aggregator \
--requestheader-extra-headers-prefix=X-Remote-Extra- \
--requestheader-group-headers=X-Remote-Group \
--requestheader-username-headers=X-Remote-User \
--proxy-client-cert-file=/etc/kubernetes/cert/kube_proxy.crt \
--proxy-client-key-file=/etc/kubernetes/cert/kube_proxy.key \
--enable-aggregator-routing=true \
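Options explained:
--requestheader-client-ca-file= the CA certificate
--requestheader-allowed-names= the name in the certificate's CN field
--requestheader-extra-headers-prefix, --requestheader-group-headers, --requestheader-username-headers: these three options can be copied as they are
--proxy-client-cert-file= the certificate
--proxy-client-key-file= the certificate's key
--enable-aggregator-routing=true must be enabled if kube-proxy is not running on the host that runs the apiserver.
On the nodes, modify the kubelet startup arguments:
Remove --read-only-port=0
Add --authentication-token-webhook=true
Deploy metrics-server:
The official Kubernetes GitHub repository provides add-ons; the metrics-server directory can be found there: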
kubernetes/cluster/addons/
The metrics-server deployment files are located here:
https://github.com/kubernetes/kubernetes/tree/release-1.14/cluster/addons/metrics-server
Download the files locally, then modify and deploy them:
for file in auth-delegator.yaml auth-reader.yaml metrics-apiservice.yaml metrics-server-deployment.yaml metrics-server-service.yaml resource-reader.yaml
do
  wget https://raw.githubusercontent.com/kubernetes/kubernetes/release-1.14/cluster/addons/metrics-server/$file
done
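The following places need to be changed:
In metrics-server-deployment.yaml:
Change the command arguments of the metrics-server container
Change the command arguments of the addon-resizer container
In resource-reader.yaml:
Add one entry under rules.resources.
Below are the modified YAML files: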
auth-delegator.yaml
cat > auth-delegator.yaml <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: metrics-server:system:auth-delegator
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:auth-delegator
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
EOF
auth-reader.yaml
cat > auth-reader.yaml <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: metrics-server-auth-reader
  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
EOF
metrics-apiservice.yaml
cat > metrics-apiservice.yaml <<EOF
apiVersion: apiregistration.k8s.io/v1beta1
kind: APIService
metadata:
  name: v1beta1.metrics.k8s.io
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
spec:
  service:
    name: metrics-server
    namespace: kube-system
  group: metrics.k8s.io
  version: v1beta1
  insecureSkipTLSVerify: true
  groupPriorityMinimum: 100
  versionPriority: 100
EOF
metrics-server-deployment.yaml
cat > metrics-server-deployment.yaml <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: metrics-server
  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: metrics-server-config
  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: EnsureExists
data:
  NannyConfiguration: |-
    apiVersion: nannyconfig/v1alpha1
    kind: NannyConfiguration
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: metrics-server-v0.3.1
  namespace: kube-system
  labels:
    k8s-app: metrics-server
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    version: v0.3.1
spec:
  selector:
    matchLabels:
      k8s-app: metrics-server
      version: v0.3.1
  template:
    metadata:
      name: metrics-server
      labels:
        k8s-app: metrics-server
        version: v0.3.1
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
        seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
    spec:
      priorityClassName: system-cluster-critical
      serviceAccountName: metrics-server
      containers:
      - name: metrics-server
        image: k8s.gcr.io/metrics-server-amd64:v0.3.1
        command:
        - /metrics-server
        - --metric-resolution=30s
        - --kubelet-insecure-tls
        - --kubelet-preferred-address-types=InternalIP,Hostname,InternalDNS,ExternalDNS,ExternalIP
        ports:
        - containerPort: 443
          name: https
          protocol: TCP
      - name: metrics-server-nanny
        image: k8s.gcr.io/addon-resizer:1.8.4
        resources:
          limits:
            cpu: 100m
            memory: 300Mi
          requests:
            cpu: 5m
            memory: 50Mi
        env:
        - name: MY_POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: MY_POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        volumeMounts:
        - name: metrics-server-config-volume
          mountPath: /etc/config
        command:
        - /pod_nanny
        - --config-dir=/etc/config
        - --cpu=100m
        - --extra-cpu=0.5m
        - --memory=100Mi
        - --extra-memory=50Mi
        - --threshold=5
        - --deployment=metrics-server-v0.3.1
        - --container=metrics-server
        - --poll-period=300000
        - --estimator=exponential
        # Specifies the smallest cluster (defined in number of nodes)
        # resources will be scaled to.
        - --minClusterSize=2
      volumes:
      - name: metrics-server-config-volume
        configMap:
          name: metrics-server-config
      tolerations:
      - key: "CriticalAddonsOnly"
        operator: "Exists"
EOF
metrics-server-service.yaml
cat > metrics-server-service.yaml <<EOF
apiVersion: v1
kind: Service
metadata:
  name: metrics-server
  namespace: kube-system
  labels:
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/cluster-service: "true"
    kubernetes.io/name: "Metrics-server"
spec:
  selector:
    k8s-app: metrics-server
  ports:
  - port: 443
    protocol: TCP
    targetPort: https
EOF
resource-reader.yaml
cat > resource-reader.yaml <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: system:metrics-server
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
rules:
- apiGroups:
  - ""
  resources:
  - pods
  - nodes
  - nodes/stats
  - namespaces
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - "extensions"
  resources:
  - deployments
  verbs:
  - get
  - list
  - update
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: system:metrics-server
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:metrics-server
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
EOF
Mirror images hosted in China:
registry.cn-hangzhou.aliyuncs.com/google_containers/metrics-server-amd64:v0.3.1
registry.cn-hangzhou.aliyuncs.com/google_containers/addon-resizer:1.8.4
Check whether the deployment succeeded:
kubectl api-versions | grep metrics
kubectl top nodes
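The manifests on this page turn off certificate verification in two places (insecureSkipTLSVerify: true on the APIService and --kubelet-insecure-tls on metrics-server) and reference images by tag. The following is an added example, not part of the original page or of the Kubernetes project: a shell function that reports those settings with file and line number so they can be reviewed before the files are applied. The function names, finding codes and the embedded sample manifest are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: report settings in metrics-server manifests that skip TLS
# verification or use mutable image tags. Output: FILE:LINE CODE (kind)

audit_manifest() {
  awk '
    FNR == 1 || /^---/ { kind = "?" }      # new file or new YAML document
    /^kind:/           { kind = $2 }       # top-level kind only
    # APIService: kube-apiserver does not verify metrics-server
    /^[ \t]*insecureSkipTLSVerify:[ \t]*true/ {
      print FILENAME ":" FNR " APISERVICE_SKIPS_TLS_VERIFY (" kind ")"
    }
    # Deployment: metrics-server does not verify the kubelets
    /^[ \t]*-[ \t]*--kubelet-insecure-tls[ \t]*$/ {
      print FILENAME ":" FNR " KUBELET_TLS_NOT_VERIFIED (" kind ")"
    }
    # Image referenced by tag only, not by digest
    /^[ \t]*(-[ \t]*)?image:/ && $0 !~ /@sha256:/ {
      print FILENAME ":" FNR " IMAGE_NOT_PINNED_BY_DIGEST (" kind ")"
    }
  ' "$@"
}

# Constructed sample that mirrors the settings on this page (trimmed).
write_sample() {
  cat > "$1" <<'EOF'
apiVersion: apiregistration.k8s.io/v1beta1
kind: APIService
spec:
  insecureSkipTLSVerify: true
---
apiVersion: apps/v1
kind: Deployment
spec:
  template:
    spec:
      containers:
      - name: metrics-server
        image: k8s.gcr.io/metrics-server-amd64:v0.3.1
        command:
        - /metrics-server
        - --kubelet-insecure-tls
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_manifest "$sample"
rm -f "$sample"
```

The verified counterparts of the two TLS findings are a caBundle on the APIService in place of insecureSkipTLSVerify, and the metrics-server option --kubelet-certificate-authority in place of --kubelet-insecure-tls.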