1.创建并分发证书
a.配置
cat > metrics-server-csr.json <<EOF
{
“CN”: “aggregator”,
“hosts”: [],
“key”: {
“algo”: “rsa”,
“size”: 2048
},
“names”: [
{
“C”: “CN”,
“ST”: “BeiJing”,
“L”: “BeiJing”,
“O”: “k8s”,
“OU”: “4Paradigm”
}
]
}
EOF
b.生成
cfssl gencert -ca=/etc/kubernetes/cert/ca.pem
-ca-key=/etc/kubernetes/cert/ca-key.pem
-config=/etc/kubernetes/cert/ca-config.json
-profile=kubernetes metrics-server-csr.json | cfssljson -bare metrics-server
c.分发
for node_ip in ${NODE_IPS[@]}
do
echo ">>>
n
o
d
e
i
p
"
s
c
p
m
e
t
r
i
c
s
−
s
e
r
v
e
r
∗
.
p
e
m
r
o
o
t
@
{node_ip}" scp metrics-server*.pem root@
nodeip"scpmetrics−server∗.pemroot@{node_ip}:/etc/kubernetes/cert/
done
2.修改配置
kube-apiserver添加参数并重启,参考6.2中标红配置
–requestheader-client-ca-file=/etc/kubernetes/cert/ca.pem
–requestheader-allowed-names=""
–requestheader-extra-headers-prefix=“X-Remote-Extra-”
–requestheader-group-headers=X-Remote-Group
–requestheader-username-headers=X-Remote-User
–proxy-client-cert-file=/etc/kubernetes/cert/metrics-server.pem
–proxy-client-key-file=/etc/kubernetes/cert/metrics-server-key.pem
–runtime-config=api/all=true
kube-controller-manager添加参数并重启,参考6.3中标红配置
–horizontal-pod-autoscaler-use-rest-clients=true
3.修改插件配置文件 文件目录cluster/addons/metrics-server/
vim metrics-server-deployment.yaml
< image: k8s.gcr.io/metrics-server-amd64:v0.2.1
image: mirrorgooglecontainers/metrics-server-amd64:v0.2.1
< - --source=kubernetes.summary_api:’’
- --source=kubernetes.summary_api:https://kubernetes.default?kubeletHttps=true&kubeletPort=10250
< image: k8s.gcr.io/addon-resizer:1.8.1
image: siriuszg/addon-resizer:1.8.1
4.授予 kube-system:metrics-server ServiceAccount 访问 kubelet API 的权限:
cat > auth-kubelet.yaml <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: metrics-server:system:kubelet-api-admin
labels:
kubernetes.io/cluster-service: “true”
addonmanager.kubernetes.io/mode: Reconcile
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:kubelet-api-admin
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
EOF
5.执行文件
kubectl create -f .
输出
clusterrolebinding.rbac.authorization.k8s.io “metrics-server:system:auth-delegator” created
clusterrolebinding.rbac.authorization.k8s.io “metrics-server:system:kubelet-api-admin” created
rolebinding.rbac.authorization.k8s.io “metrics-server-auth-reader” created
apiservice.apiregistration.k8s.io “v1beta1.metrics.k8s.io” created
serviceaccount “metrics-server” created
configmap “metrics-server-config” created
deployment.extensions “metrics-server-v0.2.1” created
service “metrics-server” created
clusterrole.rbac.authorization.k8s.io “system:metrics-server” created
clusterrolebinding.rbac.authorization.k8s.io “system:metrics-server” created
6.查看状态
kubectl get pods -n kube-system |grep metrics-server
metrics-server-v0.2.1-86946dfbfb-xpdtf 2/2 Running 0 33s
kubectl get svc -n kube-system|grep metrics-server
metrics-server ClusterIP 10.254.39.222 443/TCP 43s
7.查看 metrcs-server 输出的 metrics
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/instrumentation/resource-metrics-api.md
访问
https://123.56.41.163:6443/apis/metrics.k8s.io/v1beta1/nodes
{
“paths”: [
“/apis”,
“/apis/”,
“/apis/apiextensions.k8s.io”,
“/apis/apiextensions.k8s.io/v1beta1”,
“/healthz”,
“/healthz/etcd”,
“/healthz/ping”,
“/healthz/poststarthook/generic-apiserver-start-informers”,
“/healthz/poststarthook/start-apiextensions-controllers”,
“/healthz/poststarthook/start-apiextensions-informers”,
“/metrics”,
“/openapi/v2”,
“/swagger-2.0.0.json”,
“/swagger-2.0.0.pb-v1”,
“/swagger-2.0.0.pb-v1.gz”,
“/swagger-ui/”,
“/swagger.json”,
“/swaggerapi”,
“/version”
]
}
https://123.56.41.163:6443/apis/metrics.k8s.io/v1beta1/pods
https://123.56.41.163:6443/apis/metrics.k8s.io/v1beta1/namespace/pods/
或者
kubectl get --raw apis/metrics.k8s.io/v1beta1/nodes
kubectl get --raw apis/metrics.k8s.io/v1beta1/pods
kubectl get --raw apis/metrics.k8s.io/v1beta1/namespace/pods/