从kubernetes 1.8的版本开始,随着横向扩缩容功能的稳定和提升,HPA支持自定义指标,Cluster Autoscaler提升了性能与错误报告能力; 支持新版的HPA API,相关的API和组件升至稳定版本,比如: resource Metrics API、custom metrics API和metrics-server等。这意味着Metrics Server已经开始使用了。这篇文章介绍一下Metrics Server在Kubernetes上的部署方法。
官方地址:https://github.com/kubernetes-sigs/metrics-server
镜像地址:
链接: https://pan.baidu.com/s/1VquKqXEpwpLPpEduJGl7ug 密码: 9b37
下载yaml文件
wget https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.3.7/components.yaml
因为直接下载yaml文件,部署之后会出现证书信任,主机名解析等问题,我们对文件稍微修改下
args:
- --cert-dir=/tmp
- --secure-port=4443
- --kubelet-insecure-tls ##不要验证Kubelets提供的服务证书的CA
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname ##确定连接到特定节点的地址时使用的节点地址类型的优先级
在容器启动参数中新增下面两条
修改完后,完整的yaml文件为
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: system:aggregated-metrics-reader
labels:
rbac.authorization.k8s.io/aggregate-to-view: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
- apiGroups: ["metrics.k8s.io"]
resources: ["pods", "nodes"]
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: metrics-server:system:auth-delegator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:auth-delegator
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: metrics-server-auth-reader
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
---
apiVersion: apiregistration.k8s.io/v1beta1
kind: APIService
metadata:
name: v1beta1.metrics.k8s.io
spec:
service:
name: metrics-server
namespace: kube-system
group: metrics.k8s.io
version: v1beta1
insecureSkipTLSVerify: true
groupPriorityMinimum: 100
versionPriority: 100
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: metrics-server
namespace: kube-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: metrics-server
namespace: kube-system
labels:
k8s-app: metrics-server
spec:
selector:
matchLabels:
k8s-app: metrics-server
template:
metadata:
name: metrics-server
labels:
k8s-app: metrics-server
spec:
serviceAccountName: metrics-server
volumes:
# mount in tmp so we can safely use from-scratch images and/or read-only containers
- name: tmp-dir
emptyDir: {}
containers:
- name: metrics-server
image: k8s.gcr.io/metrics-server/metrics-server:v0.3.7
imagePullPolicy: IfNotPresent
args:
- --cert-dir=/tmp
- --secure-port=4443
- --kubelet-insecure-tls
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
ports:
- name: main-port
containerPort: 4443
protocol: TCP
securityContext:
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- name: tmp-dir
mountPath: /tmp
nodeSelector:
kubernetes.io/os: linux
kubernetes.io/arch: "amd64"
---
apiVersion: v1
kind: Service
metadata:
name: metrics-server
namespace: kube-system
labels:
kubernetes.io/name: "Metrics-server"
kubernetes.io/cluster-service: "true"
spec:
selector:
k8s-app: metrics-server
ports:
- port: 443
protocol: TCP
targetPort: main-port
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: system:metrics-server
rules:
- apiGroups:
- ""
resources:
- pods
- nodes
- nodes/stats
- namespaces
- configmaps
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: system:metrics-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:metrics-server
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
执行部署指令
kubectl apply -f components.yaml
至此部署完成了,就可以使用内置的top指令了
[root@k8s-master k8s]# kubectl top nodes
NAME CPU(cores) CPU% MEMORY(bytes) MEMORY%
k8s-master 747m 37% 1132Mi 60%
k8s-node1 94m 4% 594Mi 31%
k8s-node2 73m 3% 605Mi 32%
如果执行kubectl top 指令报错或者没有数据,可以先执行
kubectl get --raw /apis/metrics.k8s.io/v1beta1/nodes
如果可以看到数据说明接口是正常的,稍等下就能看到数据。