新增metric-server组件,可实时查看pod、node的性能指标数据
1、新建components.yaml
Deployment-image修改镜像地址。
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: metrics-server
name: metrics-server
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
k8s-app: metrics-server
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true"
name: system:aggregated-metrics-reader
rules:
- apiGroups:
- metrics.k8s.io
resources:
- pods
- nodes
- nodes/stats
- namespaces
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
k8s-app: metrics-server
name: system:metrics-server
rules:
- apiGroups:
- ""
resources:
- nodes/metrics
verbs:
- get
- apiGroups:
- ""
resources:
- pods
- nodes
- nodes/stats
- namespaces
verbs:
- get
- list
- watch
- apiGroups:
- "extensions"
resources:
- deployments
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
k8s-app: metrics-server
name: metrics-server-auth-reader
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
k8s-app: metrics-server
name: metrics-server:system:auth-delegator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:auth-delegator
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
k8s-app: metrics-server
name: system:metrics-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:metrics-server
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
---
apiVersion: v1
kind: Service
metadata:
labels:
k8s-app: metrics-server
name: metrics-server
namespace: kube-system
spec:
ports:
- name: https
port: 443
protocol: TCP
targetPort: https
selector:
k8s-app: metrics-server
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
k8s-app: metrics-server
name: metrics-server
namespace: kube-system
spec:
selector:
matchLabels:
k8s-app: metrics-server
strategy:
rollingUpdate:
maxUnavailable: 0
template:
metadata:
labels:
k8s-app: metrics-server
spec:
containers:
- args:
- --cert-dir=/tmp
- --secure-port=4443
- --kubelet-preferred-address-types=InternalIP,Hostname,InternalDNS,ExternalDNS,ExternalIP
- --kubelet-use-node-status-port
- --metric-resolution=15s
- --kubelet-insecure-tls=true
image: 134.64.15.155:5000/registry.cn-hangzhou.aliyuncs.com/google_containers/metrics-server:v0.6.1
imagePullPolicy: Never
command:
- /metrics-server
- --kubelet-insecure-tls=true
- --kubelet-preferred-address-types=InternalDNS,InternalIP,ExternalDNS,ExternalIP,Hostname
livenessProbe:
failureThreshold: 3
httpGet:
path: /livez
port: https
scheme: HTTPS
periodSeconds: 10
name: metrics-server
ports:
- containerPort: 4443
name: https
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /readyz
port: https
scheme: HTTPS
initialDelaySeconds: 20
periodSeconds: 10
resources:
requests:
cpu: 100m
memory: 200Mi
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- mountPath: /tmp
name: tmp-dir
nodeSelector:
kubernetes.io/os: linux
priorityClassName: system-cluster-critical
serviceAccountName: metrics-server
hostNetwork: true
volumes:
- emptyDir: {}
name: tmp-dir
---
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
labels:
k8s-app: metrics-server
name: v1beta1.metrics.k8s.io
spec:
group: metrics.k8s.io
groupPriorityMinimum: 100
insecureSkipTLSVerify: true
service:
name: metrics-server
namespace: kube-system
version: v1beta1
versionPriority: 100
2、生成metric-server API
执行命令:
kubectl apply -f components.yaml
若执行出错,删除资源修改后再执行:
kubectl delete serviceaccount metrics-server
kubectl delete ClusterRole system:aggregated-metrics-reader
kubectl delete ClusterRole system:metrics-server
kubectl delete service metrics-server -n kube-system
kubectl delete deploy metrics-server -n kube-system
kubectl delete APIService v1beta1.metrics.k8s.io
查看是否执行成功 :
#“metric-server-XXXX”是否为running状态
kubectl get pods -n kube-system -w
#查看pod日志
kubectl logs -f -n kube-system metrics-server-854c4c96f5-4mznv
#查看apiservice启动成功
kubectl get apiservice| grep metric
#执行以下命令可以看到api多了一个“metrics.k8s.io/v1beta1”:
kubectl api-versions
#查看metric API支持的资源(nodes、pods):
kubectl api-resources | grep metric
3、命令监控node、pod性能指标
kubectl top pods -A
kubectl top nodes
4、请求方式
#获取node指标
curl -k -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6Imdqc1dOTXhvNUxxZHRyVDRvaVpMdEYyYl9xVTZveHRHVm5KWjJOWmcweDQifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJuYW1lc3BhY2UtY29udHJvbGxlci10b2tlbi12aHpnayIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJuYW1lc3BhY2UtY29udHJvbGxlciIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjliNTYzMGZlLTczZTYtNGM0ZC04ZjU2LTg1NTc2MTI4NDFiMSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTpuYW1lc3BhY2UtY29udHJvbGxlciJ9.b2iWVnrUzPHO7YdQonvjvagK2NNItZBjP375Be2AuK398_hWO_maHcAW8VPw8dwGzg4t-yQR72VbKCLE27PsHrL7ZzBw0zaJX5LZvcKMKJ2gfO6nZhpLdlQ_S8lzexNChn4N5E1HTJWCkbcCF9AFYC5bttLsPUufvqkDiazhVBLre2KUNgtA-OI44kOwojmjRI43jasHGC1v2LeBQ0LNvu5ZOp9lmKANi7aA2rAR1Me5h22P_YNZGBidrsRKOEot8wyDaYJCbJ_MstqegVD0upR0DMhKtHy1SDjTbFu8Mtu97T4crP6LpNwox0YFGqnX30BDUH_L052AOJgCVt8S1g" https://127.0.0.1:18611/apis/metrics.k8s.io/v1beta1/nodes
#获取pod指标
curl -k -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6Imdqc1dOTXhvNUxxZHRyVDRvaVpMdEYyYl9xVTZveHRHVm5KWjJOWmcweDQifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJuYW1lc3BhY2UtY29udHJvbGxlci10b2tlbi12aHpnayIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJuYW1lc3BhY2UtY29udHJvbGxlciIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjliNTYzMGZlLTczZTYtNGM0ZC04ZjU2LTg1NTc2MTI4NDFiMSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTpuYW1lc3BhY2UtY29udHJvbGxlciJ9.b2iWVnrUzPHO7YdQonvjvagK2NNItZBjP375Be2AuK398_hWO_maHcAW8VPw8dwGzg4t-yQR72VbKCLE27PsHrL7ZzBw0zaJX5LZvcKMKJ2gfO6nZhpLdlQ_S8lzexNChn4N5E1HTJWCkbcCF9AFYC5bttLsPUufvqkDiazhVBLre2KUNgtA-OI44kOwojmjRI43jasHGC1v2LeBQ0LNvu5ZOp9lmKANi7aA2rAR1Me5h22P_YNZGBidrsRKOEot8wyDaYJCbJ_MstqegVD0upR0DMhKtHy1SDjTbFu8Mtu97T4crP6LpNwox0YFGqnX30BDUH_L052AOJgCVt8S1g" https://127.0.0.1:18611/apis/metrics.k8s.io/v1beta1/pods
#获取命名空间下pod指标
curl -k -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6Imdqc1dOTXhvNUxxZHRyVDRvaVpMdEYyYl9xVTZveHRHVm5KWjJOWmcweDQifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJuYW1lc3BhY2UtY29udHJvbGxlci10b2tlbi12aHpnayIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJuYW1lc3BhY2UtY29udHJvbGxlciIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjliNTYzMGZlLTczZTYtNGM0ZC04ZjU2LTg1NTc2MTI4NDFiMSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTpuYW1lc3BhY2UtY29udHJvbGxlciJ9.b2iWVnrUzPHO7YdQonvjvagK2NNItZBjP375Be2AuK398_hWO_maHcAW8VPw8dwGzg4t-yQR72VbKCLE27PsHrL7ZzBw0zaJX5LZvcKMKJ2gfO6nZhpLdlQ_S8lzexNChn4N5E1HTJWCkbcCF9AFYC5bttLsPUufvqkDiazhVBLre2KUNgtA-OI44kOwojmjRI43jasHGC1v2LeBQ0LNvu5ZOp9lmKANi7aA2rAR1Me5h22P_YNZGBidrsRKOEot8wyDaYJCbJ_MstqegVD0upR0DMhKtHy1SDjTbFu8Mtu97T4crP6LpNwox0YFGqnX30BDUH_L052AOJgCVt8S1g" https://127.0.0.1:18611/apis/metrics.k8s.io/v1beta1/namespaces/kube-system/pods/kube-scheduler-ceph-admin