【云原生】kubernetes v1.18部署Metrics-Server:v0.3.6
文章目录
-
-
- 一、概述
- 二、部署metrics-server
-
一、概述
介绍 Metrics Server 前首先介绍一下 Heapster,该工具是用于 Kubernetes 集群监控和性能分析工具,可以收集节点上的指标数据,例如,节点的 CPU、Memory、Network 和 Disk 的 Metric 数据。不过在 Kubernetes V1.11 版本后将被逐渐废弃。而 Metrics Server 正是 Heapster 的代替者。
Metrics Server 是 Kubernetes 集群核心监控数据的聚合器,Metrics Server 从 Kubelet 收集资源指标,并通过 Merics API 在 Kubernetes APIServer 中提供给缩放资源对象 HPA 使用。也可以通过 Metrics API 提供的 Kubectl top 查看 Pod 资源占用情况,从而实现对资源的自动缩放。
需要注意的是:
- metric-server提供的是实时的指标(实际是最近一次采集的数据,保存在内存中),并没有数据库来存储;
- 这些数据指标并非由metric-server本身采集,而是由每个节点上的cadvisor采集,metric-server只是发请求给cadvisor并将metric格式的数据转换成aggregate api;
- 由于需要通过aggregate api来提供接口,需要集群中的kube-apiserver开启该功能
二、部署metrics-server
- 创建components.yaml文件,将内容复制进去
vim components.yaml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:name: system:aggregated-metrics-readerlabels:rbac.authorization.k8s.io/aggregate-to-view: "true"rbac.authorization.k8s.io/aggregate-to-edit: "true"rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
- apiGroups: ["metrics.k8s.io"]resources: ["pods", "nodes"]verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:name: metrics-server:system:auth-delegator
roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: system:auth-delegator
subjects:
- kind: ServiceAccountname: metrics-servernamespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:name: metrics-server-auth-readernamespace: kube-system
roleRef:apiGroup: rbac.authorization.k8s.iokind: Rolename: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccountname: metrics-servernamespace: kube-system
---
apiVersion: apiregistration.k8s.io/v1beta1
kind: APIService
metadata:name: v1beta1.metrics.k8s.io
spec:service:name: metrics-servernamespace: kube-systemgroup: metrics.k8s.ioversion: v1beta1insecureSkipTLSVerify: truegroupPriorityMinimum: 100versionPriority: 100
---
apiVersion: v1
kind: ServiceAccount
metadata:name: metrics-servernamespace: kube-system
---
apiVersion: apps/v1
kind: Deployment
metadata:name: metrics-servernamespace: kube-systemlabels:k8s-app: metrics-server
spec:selector:matchLabels:k8s-app: metrics-servertemplate:metadata:name: metrics-serverlabels:k8s-app: metrics-serverspec:serviceAccountName: metrics-servervolumes:# mount in tmp so we can safely use from-scratch images and/or read-only containers- name: tmp-diremptyDir: {}containers:- name: metrics-serverimage: mirrorgooglecontainers/metrics-server-amd64:v0.3.6imagePullPolicy: IfNotPresentcommand:- /metrics-server- --kubelet-preferred-address-types=InternalIP- --kubelet-insecure-tls- --v=2args:- --cert-dir=/tmp- --secure-port=4443ports:- name: main-portcontainerPort: 4443protocol: TCPsecurityContext:readOnlyRootFilesystem: truerunAsNonRoot: truerunAsUser: 1000volumeMounts:- name: tmp-dirmountPath: /tmpnodeSelector:kubernetes.io/os: linuxkubernetes.io/arch: "amd64"
---
apiVersion: v1
kind: Service
metadata:name: metrics-servernamespace: kube-systemlabels:kubernetes.io/name: "Metrics-server"kubernetes.io/cluster-service: "true"
spec:selector:k8s-app: metrics-serverports:- port: 443protocol: TCPtargetPort: main-port
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:name: system:metrics-server
rules:
- apiGroups:- ""resources:- pods- nodes- nodes/stats- namespaces- configmapsverbs:- get- list- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:name: system:metrics-server
roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: system:metrics-server
subjects:
- kind: ServiceAccountname: metrics-servernamespace: kube-system
网上有很多是通过从github上下载yaml文件内容,然后进行更改的,但是实际执行起来就会出现这样那样的问题,要不是镜像拉不下来,要不各种报错,这个yaml文件内容已经是经过修改的,可以直接执行,即可成功。
- 执行components.yaml
kubectl apply -f components.yaml
- 验证Metrics Server组件部署成功
- 查看原生apiserver是否有metrics.k8s.io/v1beta1
[root@k8s-master1 ~]# kubectl api-versions|grep metrics
metrics.k8s.io/v1beta1
可以看到metrics.k8s.io/v1beta1群组已经注册到原生apiserver上。
- 查看metrics server pod是否运行正常
[root@k8s-master1 ~]# kubectl get pods -n kube-system |grep metrics
metrics-server-5dfbdf76fd-hrjdl 1/1 Running 1 12h
可以看到对应pod已经正常运行,接着查看pod日志kubectl logs -f pod/[pod名称] -n kube-system,只要metrics server pod没有出现错误日志,或者无法注册等信息,就表示pod里的容器运行正常。
- 使用kubectl top 命令查看pod的cpu ,内存占比,看看对应命令是否可以正常执行。
[root@k8s-master1 ~]# kubectl top nodes
NAME CPU(cores) CPU% MEMORY(bytes) MEMORY%
k8s-master1 295m 7% 866Mi 11%
k8s-master2 273m 6% 1147Mi 14%
k8s-master3 233m 5% 669Mi 8%
k8s-node1 92m 2% 483Mi 6%
