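1. The master and the nodes must be able to communicate, so flannel has to be installed on the master.

2. Enable the Aggregation Layer, which is used to extend the functionality of the apiserver. metrics server is developed by a third party to extend the k8s apiserver; the Aggregation Layer acts as a proxy through which both native k8s resources and third-party API resources can be retrieved.

3. Modify the yaml files to match the local environment so that they run.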


Deployment


Install flannel:

yum install flannel -y


Enable the Aggregation Layer:

--requestheader-client-ca-file=/etc/kubernetes/cert/ca.crt \
--requestheader-allowed-names=aggregator \
--requestheader-extra-headers-prefix=X-Remote-Extra- \
--requestheader-group-headers=X-Remote-Group \
--requestheader-username-headers=X-Remote-User \
--proxy-client-cert-file=/etc/kubernetes/cert/kube_proxy.crt \
--proxy-client-key-file=/etc/kubernetes/cert/kube_proxy.key \
--enable-aggregator-routing=true \

Option details:

--requestheader-client-ca-file= CA certificate

--requestheader-allowed-names= the name in the certificate's CN field

--requestheader-extra-headers-prefix, --requestheader-group-headers, --requestheader-username-headers: these three options can be copied as they are

--proxy-client-cert-file= certificate

--proxy-client-key-file= certificate key

--enable-aggregator-routing=true  This must be enabled if kube-proxy is not running on the host that runs the apiserver.


On the nodes, modify the kubelet startup parameters:

Remove --read-only-port=0

Add --authentication-token-webhook=true



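Deploy metrics server:

The addons officially provided in the Kubernetes GitHub repository; the metrics-server directory can be found there:

kubernetes/cluster/addons/

The metrics-server deployment files are located here:

https://github.com/kubernetes/kubernetes/tree/release-1.14/cluster/addons/metrics-server

Download the files locally, modify them, and deploy: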

for file in auth-delegator.yaml auth-reader.yaml metrics-apiservice.yaml metrics-server-deployment.yaml metrics-server-service.yaml resource-reader.yaml
do
    wget https://raw.githubusercontent.com/kubernetes/kubernetes/release-1.14/cluster/addons/metrics-server/$file;
done


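The following places need to be modified:

In metrics-server-deployment.yaml:

        Modify the command arguments of the metrics-server image

        Modify the command arguments of the addon-resizer image

In resource-reader.yaml:

        Add one entry under rules.resources.


Below are the yaml files with the modifications already made: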

auth-delegator.yaml

cat > auth-delegator.yaml <<'EOF'
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: metrics-server:system:auth-delegator
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:auth-delegator
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
EOF

auth-reader.yaml

cat > auth-reader.yaml <<'EOF'
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: metrics-server-auth-reader
  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
EOF

metrics-apiservice.yaml

cat > metrics-apiservice.yaml <<'EOF'
apiVersion: apiregistration.k8s.io/v1beta1
kind: APIService
metadata:
  name: v1beta1.metrics.k8s.io
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
spec:
  service:
    name: metrics-server
    namespace: kube-system
  group: metrics.k8s.io
  version: v1beta1
  insecureSkipTLSVerify: true
  groupPriorityMinimum: 100
  versionPriority: 100
EOF

metrics-server-deployment.yaml

cat > metrics-server-deployment.yaml <<'EOF'
apiVersion: v1
kind: ServiceAccount
metadata:
  name: metrics-server
  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: metrics-server-config
  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: EnsureExists
data:
  NannyConfiguration: |-
    apiVersion: nannyconfig/v1alpha1
    kind: NannyConfiguration
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: metrics-server-v0.3.1
  namespace: kube-system
  labels:
    k8s-app: metrics-server
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    version: v0.3.1
spec:
  selector:
    matchLabels:
      k8s-app: metrics-server
      version: v0.3.1
  template:
    metadata:
      name: metrics-server
      labels:
        k8s-app: metrics-server
        version: v0.3.1
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
        seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
    spec:
      priorityClassName: system-cluster-critical
      serviceAccountName: metrics-server
      containers:
      - name: metrics-server
        image: k8s.gcr.io/metrics-server-amd64:v0.3.1
        command:
        - /metrics-server
        - --metric-resolution=30s
        - --kubelet-insecure-tls
        - --kubelet-preferred-address-types=InternalIP,Hostname,InternalDNS,ExternalDNS,ExternalIP
        ports:
        - containerPort: 443
          name: https
          protocol: TCP
      - name: metrics-server-nanny
        image: k8s.gcr.io/addon-resizer:1.8.4
        resources:
          limits:
            cpu: 100m
            memory: 300Mi
          requests:
            cpu: 5m
            memory: 50Mi
        env:
          - name: MY_POD_NAME
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
          - name: MY_POD_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
        volumeMounts:
        - name: metrics-server-config-volume
          mountPath: /etc/config
        command:
          - /pod_nanny
          - --config-dir=/etc/config
          - --cpu=100m
          - --extra-cpu=0.5m
          - --memory=100Mi
          - --extra-memory=50Mi
          - --threshold=5
          - --deployment=metrics-server-v0.3.1
          - --container=metrics-server
          - --poll-period=300000
          - --estimator=exponential
          # Specifies the smallest cluster (defined in number of nodes)
          # resources will be scaled to.
          - --minClusterSize=2
      volumes:
        - name: metrics-server-config-volume
          configMap:
            name: metrics-server-config
      tolerations:
        - key: "CriticalAddonsOnly"
          operator: "Exists"
EOF

metrics-server-service.yaml

cat > metrics-server-service.yaml <<'EOF'
apiVersion: v1
kind: Service
metadata:
  name: metrics-server
  namespace: kube-system
  labels:
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/cluster-service: "true"
    kubernetes.io/name: "Metrics-server"
spec:
  selector:
    k8s-app: metrics-server
  ports:
  - port: 443
    protocol: TCP
    targetPort: https
EOF

resource-reader.yaml

cat > resource-reader.yaml <<'EOF'
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: system:metrics-server
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
rules:
- apiGroups:
  - ""
  resources:
  - pods
  - nodes
  - nodes/stats
  - namespaces
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - "extensions"
  resources:
  - deployments
  verbs:
  - get
  - list
  - update
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: system:metrics-server
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:metrics-server
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
EOF
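
Added example (not part of the original page): a pre-deployment check, in shell, that reports the two settings in the manifests above that turn off TLS verification (insecureSkipTLSVerify: true and --kubelet-insecure-tls) and checks the kubelet flags changed earlier. The function names and finding labels are hypothetical, and the kubelet check assumes the kubelet is configured by flags only, without a --config file.

```shell
#!/bin/sh
# Added example, not from the original page. Function names and finding
# labels are hypothetical.

# Report every manifest line that turns off TLS verification.
# $1 = directory with the metrics-server yaml files. Output: LABEL file:line
audit_metrics_manifests() {
    for f in "$1"/*.yaml; do
        [ -f "$f" ] || continue
        awk -v name="${f##*/}" '
            /^[ \t]*#/ { next }    # ignore YAML comments
            # APIService: the apiserver does not verify the metrics-server cert
            /^[ \t]*insecureSkipTLSVerify:[ \t]*true/ {
                print "APISERVICE_TLS_UNVERIFIED " name ":" NR }
            # metrics-server: kubelet serving certs are not verified
            /^[ \t]*-[ \t]*--kubelet-insecure-tls(=true)?[ \t]*$/ {
                print "KUBELET_TLS_UNVERIFIED " name ":" NR }
        ' "$f"
    done
}

# Check a kubelet command line (assumption: flags only, no --config file).
# $1 = the kubelet arguments as one string. Output: one LABEL per finding.
audit_kubelet_args() {
    ro=unset; webhook=unset
    for arg in $1; do
        case $arg in
            --read-only-port=*) ro=${arg#*=} ;;
            --authentication-token-webhook|--authentication-token-webhook=true)
                webhook=on ;;
            --authentication-token-webhook=*) webhook=${arg#*=} ;;
        esac
    done
    # Without the flag the kubelet falls back to the flag default, 10255,
    # which serves without authentication.
    [ "$ro" = 0 ] || echo "KUBELET_READONLY_PORT_OPEN"
    # metrics-server presents its service account token on port 10250.
    [ "$webhook" = on ] || echo "KUBELET_TOKEN_WEBHOOK_OFF"
    return 0
}
```

Run audit_metrics_manifests on the directory holding the six files before kubectl apply; each finding names the file and line to review.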

Mirror images hosted in China:

registry.cn-hangzhou.aliyuncs.com/ipaipan/metrics-server-amd64:v0.3.1
registry.cn-hangzhou.aliyuncs.com/ipaipan/addon-resizer:1.8.4


Check whether the deployment succeeded:

kubectl api-versions | grep metrics
kubectl top nodes