亲宝软件园·资讯

展开

kubernetes安装metrics-server资源监控

程序猿(攻城狮) 人气:1

1. Metrics Server 与 kubenetes版本

Metrics Server    Metrics API group/version    Supported Kubernetes version
0.6x    metrics.k8s.io/v1beta1    *1.19+
0.5x    metrics.k8s.io/v1beta1    *1.8+
0.4x    metrics.k8s.io/v1beta1    *1.8+
0.3x    metrics.k8s.io/v1beta1    1.8-1.21

2. Metrics Server 下载方式

github:https://github.com/kubernetes-sigs/metrics-server

3. k8s集群安装部署metrics

本次安装的是metrics0.5.0版本
下载地址:https://github.com/kubernetes-sigs/metrics-server/releases
docker镜像地址:docker pull cnskylee/metrics-server:v0.5.0

4. 创建components-v0.5.0.yaml文件,并将下面的脚本copy到文件中

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    k8s-app: metrics-server
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
    rbac.authorization.k8s.io/aggregate-to-view: "true"
  name: system:aggregated-metrics-reader
rules:
- apiGroups:
  - metrics.k8s.io
  resources:
  - pods
  - nodes
  verbs:
  - get
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    k8s-app: metrics-server
  name: system:metrics-server
rules:
- apiGroups:
  - ""
  resources:
  - pods
  - nodes
  - nodes/stats
  - namespaces
  - configmaps
  verbs:
  - get
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server-auth-reader
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server:system:auth-delegator
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:auth-delegator
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    k8s-app: metrics-server
  name: system:metrics-server
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:metrics-server
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
---
apiVersion: v1
kind: Service
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system
spec:
  ports:
  - name: https
    port: 443
    protocol: TCP
    targetPort: https
  selector:
    k8s-app: metrics-server
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system
spec:
  selector:
    matchLabels:
      k8s-app: metrics-server
  strategy:
    rollingUpdate:
      maxUnavailable: 0
  template:
    metadata:
      labels:
        k8s-app: metrics-server
    spec:
      containers:
      - args:
        - --cert-dir=/tmp
        - --secure-port=4443
        - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
        - --kubelet-use-node-status-port
        - --metric-resolution=15s
        - --kubelet-insecure-tls
        image: registry.cn-shenzhen.aliyuncs.com/zengfengjin/metrics-server:v0.5.0
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /livez
            port: https
            scheme: HTTPS
          periodSeconds: 10
        name: metrics-server
        ports:
        - containerPort: 4443
          name: https
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /readyz
            port: https
            scheme: HTTPS
          initialDelaySeconds: 20
          periodSeconds: 10
        resources:
          requests:
            cpu: 100m
            memory: 200Mi
        securityContext:
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          runAsUser: 1000
        volumeMounts:
        - mountPath: /tmp
          name: tmp-dir
      nodeSelector:
        kubernetes.io/os: linux
      priorityClassName: system-cluster-critical
      serviceAccountName: metrics-server
      volumes:
      - emptyDir: {}
        name: tmp-dir
---
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
  labels:
    k8s-app: metrics-server
  name: v1beta1.metrics.k8s.io
spec:
  group: metrics.k8s.io
  groupPriorityMinimum: 100
  insecureSkipTLSVerify: true
  service:
    name: metrics-server
    namespace: kube-system
  version: v1beta1
  versionPriority: 100

需要注意的是端口和镜像地址。

5. 执行部署

kubectl apply -f ./components-v0.5.0.yaml

4.查看metrics-server的pod运行状态

kubectl get pods -n kube-system| egrep 'NAME|metrics-server'

5. 查看运行日志

# kubectl logs metrics-server-56874cd58b-b2gj9 -n kube-system                              
I0418 09:49:44.461828       1 serving.go:341] Generated self-signed cert (/tmp/apiserver.crt, /tmp/apiserver.key)
I0418 09:49:45.252957       1 requestheader_controller.go:169] Starting RequestHeaderAuthRequestController
I0418 09:49:45.252972       1 shared_informer.go:240] Waiting for caches to sync for RequestHeaderAuthRequestController
I0418 09:49:45.252994       1 configmap_cafile_content.go:202] Starting client-ca::kube-system::extension-apiserver-authentication::client-ca-file
I0418 09:49:45.253002       1 shared_informer.go:240] Waiting for caches to sync for client-ca::kube-system::extension-apiserver-authentication::client-ca-file
I0418 09:49:45.253142       1 configmap_cafile_content.go:202] Starting client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file
I0418 09:49:45.253153       1 shared_informer.go:240] Waiting for caches to sync for client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file
I0418 09:49:45.254091       1 secure_serving.go:197] Serving securely on [::]:4443
I0418 09:49:45.254139       1 tlsconfig.go:240] Starting DynamicServingCertificateController
I0418 09:49:45.254342       1 dynamic_serving_content.go:130] Starting serving-cert::/tmp/apiserver.crt::/tmp/apiserver.key
I0418 09:49:45.353087       1 shared_informer.go:247] Caches are synced for RequestHeaderAuthRequestController 
I0418 09:49:45.353087       1 shared_informer.go:247] Caches are synced for client-ca::kube-system::extension-apiserver-authentication::client-ca-file 
I0418 09:49:45.354631       1 shared_informer.go:247] Caches are synced for client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file 

6.测试kubectl top命令的使用

# kubectl top pods -n kube-system
NAME                                 CPU(cores)   MEMORY(bytes)   
coredns-58cc8c89f4-jdfc7             4m           12Mi            
coredns-58cc8c89f4-z8t26             5m           13Mi            
etcd-k8s-master                      9m           281Mi           
kube-apiserver-k8s-master            22m          296Mi

查看节点资源:

# kubectl top nodes
NAME         CPU(cores)   CPU%   MEMORY(bytes)   MEMORY%   
k8s-master   96m          2%     9330Mi          59%       
k8s-node83   66m          1%     5829Mi          37%       
k8s-node85   116m         2%     8555Mi          54%

查看默认空间pod资源:

# kubectl top pods
NAME                     CPU(cores)   MEMORY(bytes)   
nginx-6867cdf567-rprv9   0m           1Mi

加载全部内容

相关教程
猜你喜欢
用户评论