metrics-server部署和介绍
原创2024-03-30 14:42·lisanmengmeng
metrics-server部署和介绍
一:架构
二:一些错误记录
Q1:key failed with : missing content for CA bundle "client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file"
没有开启 API 聚合功能
修改kube-apiserver参数
vi /etc/kubernetes/manifests/kube-apiserver.yaml
- --enable-aggregator-routing=true
权限不足
#增加metrics-server权限
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
k8s-app: metrics-server
name: system:metrics-server
rules:
- apiGroups:
- ""
resources:
- pods
- nodes
- nodes/stats
- namespaces
verbs:
- get
- list
- watch
- apiGroups:
- "extensions"
resources:
- deployments
verbs:
- get
- list
- watch
Q2:kubectl top nodes
Error from server (ServiceUnavailable): the server is currently unable to handle the request (get nodes.metrics.k8s.io)
查看信息
kubectl describe apiservice v1beta1.metrics.k8s.io
curl -k https://192.168.10.143:443/apis/metrics.k8s.io/v1beta1
检查发现是由于调用metrics-server无权限,返回了http 403错误
解决方法:
1、授权集群角色给用户system:anonymous
kubectl create clusterrolebinding system:anonymous --clusterrole=cluster-admin --user=system:anonymous
2、创建system:metrics-server /aggregator 角色并授权
proxy-client-csr.json
{
"CN": "aggregator",
"hosts": [],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"L": "Shenzhen",
"ST": "Shenzhen",
"O": "system:masters",
"OU": "System"
}
]
}
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes proxy-client-csr.json | cfssljson -bare aggregator-proxy-client
/etc/kubernetes/apiserver.conf
--runtime-config=api/all=true \
--requestheader-allowed-names=aggregator \
--requestheader-group-headers=X-Remote-Group \
--requestheader-username-headers=X-Remote-User \
--requestheader-extra-headers-prefix=X-Remote-Extra- \
--requestheader-client-ca-file=/etc/kubernetes/ssl/ca.pem \
--proxy-client-cert-file=/etc/kubernetes/ssl/aggregator-proxy-client.pem \
--proxy-client-key-file=/etc/kubernetes/ssl/aggregator-proxy-client-key.pem \
三:mertrics部署
#导入镜像
nerdctl load -i metrics-server.tgz
docker load -i metrics-server.tar
git clone http://192.168.102.84:10080/devops/meta-tools/k8s-components.git
# Chart Version: 3.8.4
helm install metrics-server metrics-server/ -f metrics-server/values-custom.yaml
#部署指定版本
helm install metrics-server metrics-server/ --set image.tag='v0.6.3' -f metrics-server/values-custom.yaml
#查看node 或 pods 的cpu