Installing Metrics-Server on k8s v1.18

Date: 2021-7-5 Author: qvyue

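Introduction to Metrics-Server

Metrics-Server is the aggregator for a cluster's core monitoring data. In early versions of k8s, resource monitoring was done with the heapster resource-monitoring tool. Starting with Kubernetes 1.8, however, Kubernetes obtains resource usage metrics, such as container CPU and memory usage, through the Metrics API. These metrics can be accessed directly by users, for example with the kubectl top command, or used by controllers in the cluster. Because the k8s api-server persists all of its data to etcd, k8s itself clearly cannot handle collection at this frequency, and this monitoring data changes quickly and is all temporary, so a separate component is needed to handle it.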

Environment: K8s-v1.18, Docker-18.06.1-ce

I. Modify the configuration

1. Check whether the API Server has Aggregator Routing enabled: look for the --enable-aggregator-routing=true option on the API Server command line.

[root@k8s-master manifests]# ps -ef | grep apiserver
root      22008  21989  4 19:33 ?        00:06:37 kube-apiserver --advertise-address=192.168.181.142 --allow-privileged=true --authorization-mode=Node,RBAC --client-ca-file=/etc/kubernetes/pki/ca.crt --enable-admission-plugins=NodeRestriction --enable-bootstrap-token-auth=true  --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key --etcd-servers=https://127.0.0.1:2379 --insecure-port=0 --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key --requestheader-allowed-names=front-proxy-client --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt --requestheader-extra-headers-prefix=X-Remote-Extra- --requestheader-group-headers=X-Remote-Group --requestheader-username-headers=X-Remote-User --secure-port=6443 --service-account-key-file=/etc/kubernetes/pki/sa.pub --service-cluster-ip-range=10.1.0.0/16 --tls-cert-file=/etc/kubernetes/pki/apiserver.crt --tls-private-key-file=/etc/kubernetes/pki/apiserver.key
root      66924  57038  0 21:47 pts/0    00:00:00 grep --color=auto apiserver

2. Edit kube-apiserver.yaml on every API Server to enable Aggregator Routing. After the manifest is modified, the API Server restarts automatically and the change takes effect.

vim /etc/kubernetes/manifests/kube-apiserver.yaml

apiVersion: v1
kind: Pod
metadata:
  annotations:
    kubeadm.kubernetes.io/kube-apiserver.advertise-address.endpoint: 192.168.10.253:6443
  creationTimestamp: null
  labels:
    component: kube-apiserver
    tier: control-plane
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
  - command:
    - kube-apiserver
    - --advertise-address=192.168.10.253
    - --allow-privileged=true
    - --authorization-mode=Node,RBAC
    - --client-ca-file=/etc/kubernetes/pki/ca.crt
    - --enable-admission-plugins=NodeRestriction
    - --enable-bootstrap-token-auth=true
    - --enable-aggregator-routing=true # add this line
    - --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt
    - --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt
    - --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key
    - --etcd-servers=https://127.0.0.1:2379
    - --insecure-port=0
    - --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt
    - --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key
    - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
    - --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt
    - --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key
    - --requestheader-allowed-names=front-proxy-client
    - --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt
    - --requestheader-extra-headers-prefix=X-Remote-Extra-
    - --requestheader-group-headers=X-Remote-Group
    - --requestheader-username-headers=X-Remote-User
    - --secure-port=6443
    - --service-account-key-file=/etc/kubernetes/pki/sa.pub
    - --service-cluster-ip-range=10.1.0.0/16
    - --tls-cert-file=/etc/kubernetes/pki/apiserver.crt
    - --tls-private-key-file=/etc/kubernetes/pki/apiserver.key
    image: registry.aliyuncs.com/google_containers/kube-apiserver:v1.18.0
    imagePullPolicy: IfNotPresent
    livenessProbe:
      failureThreshold: 8
      httpGet:
        host: 192.168.10.253
        path: /healthz
        port: 6443
        scheme: HTTPS
      initialDelaySeconds: 15
      timeoutSeconds: 15
    name: kube-apiserver
    resources:
      requests:
        cpu: 250m
    volumeMounts:
    - mountPath: /etc/ssl/certs
      name: ca-certs
      readOnly: true
    - mountPath: /etc/pki
      name: etc-pki
      readOnly: true
    - mountPath: /etc/kubernetes/pki
      name: k8s-certs
      readOnly: true
  hostNetwork: true
  priorityClassName: system-cluster-critical
  volumes:
  - hostPath:
      path: /etc/ssl/certs
      type: DirectoryOrCreate
    name: ca-certs
  - hostPath:
      path: /etc/pki
      type: DirectoryOrCreate
    name: etc-pki
  - hostPath:
      path: /etc/kubernetes/pki
      type: DirectoryOrCreate
    name: k8s-certs
status: {}

II. Install metrics-server (v0.3.6)

1. Download the yaml file

wget https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.3.6/components.yaml

2. Modify the components.yaml file

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: system:aggregated-metrics-reader
  labels:
    rbac.authorization.k8s.io/aggregate-to-view: "true"
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
- apiGroups: ["metrics.k8s.io"]
  resources: ["pods", "nodes"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: metrics-server:system:auth-delegator
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:auth-delegator
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: metrics-server-auth-reader
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
---
apiVersion: apiregistration.k8s.io/v1beta1
kind: APIService
metadata:
  name: v1beta1.metrics.k8s.io
spec:
  service:
    name: metrics-server
    namespace: kube-system
  group: metrics.k8s.io
  version: v1beta1
  insecureSkipTLSVerify: true
  groupPriorityMinimum: 100
  versionPriority: 100
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: metrics-server
  namespace: kube-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: metrics-server
  namespace: kube-system
  labels:
    k8s-app: metrics-server
spec:
  selector:
    matchLabels:
      k8s-app: metrics-server
  template:
    metadata:
      name: metrics-server
      labels:
        k8s-app: metrics-server
    spec:
      serviceAccountName: metrics-server
      volumes:
      # mount in tmp so we can safely use from-scratch images and/or read-only containers
      - name: tmp-dir
        emptyDir: {}
      containers:
      - name: metrics-server
        image: registry.aliyuncs.com/google_containers/metrics-server-amd64:v0.3.6 # changed to the Alibaba Cloud mirror address
        imagePullPolicy: IfNotPresent
        args:
          - --cert-dir=/tmp
          - --secure-port=4443
          - /metrics-server # added
          - --kubelet-preferred-address-types=InternalIP # added
          - --kubelet-insecure-tls # added
        ports:
        - name: main-port
          containerPort: 4443
          protocol: TCP
        securityContext:
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          runAsUser: 1000
        volumeMounts:
        - name: tmp-dir
          mountPath: /tmp
      nodeSelector:
        kubernetes.io/os: linux
        kubernetes.io/arch: "amd64"
---
apiVersion: v1
kind: Service
metadata:
  name: metrics-server
  namespace: kube-system
  labels:
    kubernetes.io/name: "Metrics-server"
    kubernetes.io/cluster-service: "true"
spec:
  selector:
    k8s-app: metrics-server
  ports:
  - port: 443
    protocol: TCP
    targetPort: main-port
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: system:metrics-server
rules:
- apiGroups:
  - ""
  resources:
  - pods
  - nodes
  - nodes/stats
  - namespaces
  - configmaps
  verbs:
  - get
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: system:metrics-server
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:metrics-server
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system

3. Install

kubectl apply -f components.yaml

4. Check the status of the metrics-server service

[root@k8s-master manifests]# kubectl get pod -n kube-system | grep metrics-server

metrics-server-59dd47f7d9-qbsgq      1/1    Running  0          9m32s

5. Check whether the API service reports any errors

[root@k8s-master manifests]# kubectl describe apiservice v1beta1.metrics.k8s.io

Name:         v1beta1.metrics.k8s.io
Namespace:
Labels:
Annotations:
API Version:  apiregistration.k8s.io/v1
Kind:         APIService
Metadata:
  Creation Timestamp:  2021-02-26T07:55:08Z
  Resource Version:    1948553
  Self Link:           /apis/apiregistration.k8s.io/v1/apiservices/v1beta1.metrics.k8s.io
  UID:                 515535ec-3766-4d8a-a6fe-c7b21781ae81
Spec:
  Group:                     metrics.k8s.io
  Group Priority Minimum:    100
  Insecure Skip TLS Verify:  true
  Service:
    Name:            metrics-server
    Namespace:       kube-system
    Port:            443
  Version:           v1beta1
  Version Priority:  100
Status:
  Conditions:
    Last Transition Time:  2021-02-26T07:55:15Z
    Message:               all checks passed
    Reason:                Passed
    Status:                True
    Type:                  Available
Events:

6. Run the following commands to check resource usage on the nodes.

[root@k8s-master manifests]# kubectl top nodes
NAME         CPU(cores)   CPU%   MEMORY(bytes)   MEMORY%
k8s-master   261m         6%     1222Mi          15%
k8s-node1    144m         3%     702Mi           9%
k8s-node2    50m          5%     535Mi           31%

[root@k8s-master manifests]# kubectl top pods
NAME                   CPU(cores)   MEMORY(bytes)
liu-nginx              0m           6Mi
nginx                  0m           4Mi
web-694d958794-52mj9   1m           3Mi
web-694d958794-dmpv8   1m           3Mi
web-694d958794-tv6nc   1m           5Mi
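The components.yaml in step 2 sets insecureSkipTLSVerify: true on the APIService and adds --kubelet-insecure-tls to the Deployment: the first turns off certificate verification from the API server to metrics-server, the second from metrics-server to the kubelets. The script below is an added example, not part of the original post; it reports both settings in a manifest so they can be tracked and replaced with a caBundle and CA-signed kubelet serving certificates outside a lab. The names audit_tls and SAMPLE are chosen here, and the sample manifest is constructed (abridged from the one above).

```bash
#!/usr/bin/env bash
# Added example, not from the original post: report settings in a
# metrics-server manifest that turn off TLS certificate verification.

audit_tls() {  # usage: audit_tls < manifest.yaml
  awk '
    function report() {   # emit findings for the document just finished
      if (kind == "APIService" && skip && !ca)
        print kind "/" name ": insecureSkipTLSVerify=true and no caBundle"
      if (kind == "Deployment" && kubelet)
        print kind "/" name ": --kubelet-insecure-tls set"
      kind = name = ""; skip = ca = kubelet = inmeta = 0
    }
    /^---[ \t]*$/  { report(); next }          # YAML document separator
    /^metadata:/   { inmeta = 1; next }
    /^kind:/       { kind = $2 }
    /^[^ \t#]/     { inmeta = 0 }              # any other top-level key
    inmeta && /^  name:/ && name == ""         { name = $2 }
    /^[ \t]+insecureSkipTLSVerify:[ \t]*true/  { skip = 1 }
    /^[ \t]+caBundle:[ \t]*[^ \t]/             { ca = 1 }
    /^[ \t]*-[ \t]+--kubelet-insecure-tls(=true)?[ \t]*(#.*)?$/ { kubelet = 1 }
    END { report() }
  '
}

# Constructed sample, abridged from the components.yaml shown above.
SAMPLE='kind: APIService
metadata:
  name: v1beta1.metrics.k8s.io
spec:
  service:
    name: metrics-server
  insecureSkipTLSVerify: true
---
kind: Deployment
metadata:
  name: metrics-server
spec:
  template:
    spec:
      containers:
      - name: metrics-server
        args:
          - --cert-dir=/tmp
          - --kubelet-insecure-tls # added
'
printf '%s' "$SAMPLE" | audit_tls
```

Against the real file, run `audit_tls < components.yaml` before `kubectl apply`; an empty result means neither setting is present.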
