简单介绍

如果使用kubernetes的自动扩容功能的话,那首先得有一个插件,然后该插件将收集到的信息(cpu、memory..)与自动扩容的设置的值进行比对,自动调整pod数量。关于该插件,在kubernetes的早些版本中采用的是heapster,1.13版本正式发布后,丢弃了heapster,官方推荐采用metrics-sever。

测试环境

部署的集群环境,如下:

System Hostname IP
CentOS 7.6 k8s-master 192.168.71.134
CentOS 7.6 k8s-node1 192.168.71.135
CentOS 7.6 k8s-node2 138.138.82.136

操作步骤

1. 下载相关yaml文件

https://github.com/kubernetes-incubator/metrics-server

~]# git clone https://github.com/kubernetes-incubator/metrics-server.git

[root@k8s-master ~]# cd metrics-server/deploy/1.8+/
[root@k8s-master 1.8+]# ll
总用量 28
-rw-r--r-- 1 root root 384 4月 28 09:46 aggregated-metrics-reader.yaml -rw-r--r-- 1 root root 308 4月 28 09:46 auth-delegator.yaml -rw-r--r-- 1 root root 329 4月 28 09:46 auth-reader.yaml -rw-r--r-- 1 root root 298 4月 28 09:46 metrics-apiservice.yaml -rw-r--r-- 1 root root 815 4月 28 09:46 metrics-server-deployment.yaml -rw-r--r-- 1 root root 291 4月 28 09:46 metrics-server-service.yaml -rw-r--r-- 1 root root 502 4月 28 09:46 resource-reader.yaml

2. 修改其中的metrics-server-deployment.yaml文件(用红色标亮处)

---
apiVersion: v1
kind: ServiceAccount
metadata:name: metrics-servernamespace: kube-system
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:name: metrics-server namespace: kube-system labels: k8s-app: metrics-server spec: selector: matchLabels: k8s-app: metrics-server template: metadata: name: metrics-server labels: k8s-app: metrics-server spec: serviceAccountName: metrics-server volumes: # mount in tmp so we can safely use from-scratch images and/or read-only containers - name: tmp-dir emptyDir: {} containers: - name: metrics-server image: mirrorgooglecontainers/metrics-server-amd64:v0.3.2 # image: k8s.gcr.io/metrics-server-amd64:v0.3.2 imagePullPolicy: IfNotPresent command: - /metrics-server - --kubelet-preferred-address-types=InternalIP - --kubelet-insecure-tls volumeMounts: - name: tmp-dir mountPath: /tmp

注意:以上修改了3个地方:①是被墙的镜像;②镜像拉取策略;③添加命令和相关参数;

如果不修改command区域的参数则会报如下错误:

E0428 19:35:05.894325       1 manager.go:111] unable to fully collect metrics: [unable to fully scrape metrics from source kubelet_summary:k8s-node2: unable to fetch metrics from Kubelet k8s-node2 (138.138.82.16): Get https://138.138.82.16:10250/stats/summary/: x509: cannot validate certificate for 138.138.82.16 because it doesn't contain any IP SANs, unable to fully scrape metrics from source kubelet_summary:k8s-node1: unable to fetch metrics from Kubelet k8s-node1 (138.138.82.15): Get https://138.138.82.15:10250/stats/summary/: x509: cannot validate certificate for 138.138.82.15 because it doesn't contain any IP SANs, unable to fully scrape metrics from source kubelet_summary:k8s-master: unable to fetch metrics from Kubelet k8s-master (138.138.82.14): Get https://138.138.82.14:10250/stats/summary/: x509: cannot validate certificate for 138.138.82.14 because it doesn't contain any IP SANs]

附上metrcs-server命令参数详解:

Usage:[flags]Flags:--alsologtostderr                                         log to standard error as well as files--authentication-kubeconfig string                        kubeconfig file pointing at the 'core' kubernetes server with enough rights to create tokenaccessreviews.authentication.k8s.io. --authentication-skip-lookup If false, the authentication-kubeconfig will be used to lookup missing authentication configuration from the cluster. --authentication-token-webhook-cache-ttl duration The duration to cache responses from the webhook token authenticator. (default 10s) --authorization-kubeconfig string kubeconfig file pointing at the 'core' kubernetes server with enough rights to create subjectaccessreviews.authorization.k8s.io. --authorization-webhook-cache-authorized-ttl duration The duration to cache 'authorized' responses from the webhook authorizer. (default 10s) --authorization-webhook-cache-unauthorized-ttl duration The duration to cache 'unauthorized' responses from the webhook authorizer. (default 10s) --bind-address ip The IP address on which to listen for the --secure-port port. The associated interface(s) must be reachable by the rest of the cluster, and by CLI/web clients. If blank, all interfaces will be used (0.0.0.0 for all IPv4 interfaces and :: for all IPv6 interfaces). (default 0.0.0.0) --cert-dir string The directory where the TLS certs are located. If --tls-cert-file and --tls-private-key-file are provided, this flag will be ignored. (default "apiserver.local.config/certificates") --client-ca-file string If set, any request presenting a client certificate signed by one of the authorities in the client-ca-file is authenticated with an identity corresponding to the CommonName of the client certificate. --contention-profiling Enable lock contention profiling, if profiling is enabled --enable-swagger-ui Enables swagger ui on the apiserver at /swagger-ui -h, --help help for this command --http2-max-streams-per-connection int The limit that the server gives to clients for the maximum number of streams in an HTTP/2 connection. Zero means to use golang's default. --kubeconfig string The path to the kubeconfig used to connect to the Kubernetes API server and the Kubelets (defaults to in-cluster config) --kubelet-certificate-authority string Path to the CA to use to validate the Kubelet's serving certificates. --kubelet-insecure-tls Do not verify CA of serving certificates presented by Kubelets. For testing purposes only. --kubelet-port int The port to use to connect to Kubelets. (default 10250) --kubelet-preferred-address-types strings The priority of node address types to use when determining which address to use to connect to a particular node (default [Hostname,InternalDNS,InternalIP,ExternalDNS,ExternalIP]) --log-flush-frequency duration Maximum number of seconds between log flushes (default 5s) --log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0) --log_dir string If non-empty, write log files in this directory --logtostderr log to standard error instead of files (default true) --metric-resolution duration The resolution at which metrics-server will retain metrics. (default 1m0s) --profiling Enable profiling via web interface host:port/debug/pprof/ (default true) --requestheader-allowed-names strings List of client certificate common names to allow to provide usernames in headers specified by --requestheader-username-headers. If empty, any client certificate validated by the authorities in --requestheader-client-ca-file is allowed. --requestheader-client-ca-file string Root certificate bundle to use to verify client certificates on incoming requests before trusting usernames in headers specified by --requestheader-username-headers. WARNING: generally do not depend on authorization being already done for incoming requests. --requestheader-extra-headers-prefix strings List of request header prefixes to inspect. X-Remote-Extra- is suggested. (default [x-remote-extra-]) --requestheader-group-headers strings List of request headers to inspect for groups. X-Remote-Group is suggested. (default [x-remote-group]) --requestheader-username-headers strings List of request headers to inspect for usernames. X-Remote-User is common. (default [x-remote-user]) --secure-port int The port on which to serve HTTPS with authentication and authorization. If 0, don't serve HTTPS at all. (default 443) --stderrthreshold severity logs at or above this threshold go to stderr (default 2) --tls-cert-file string File containing the default x509 Certificate for HTTPS. (CA cert, if any, concatenated after server cert). If HTTPS serving is enabled, and --tls-cert-file and --tls-private-key-file are not provided, a self-signed certificate and key are generated for the public address and saved to the directory specified by --cert-dir. --tls-cipher-suites strings Comma-separated list of cipher suites for the server. If omitted, the default Go cipher suites will be use. Possible values: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_RC4_128_SHA --tls-min-version string Minimum TLS version supported. Possible values: VersionTLS10, VersionTLS11, VersionTLS12 --tls-private-key-file string File containing the default x509 private key matching --tls-cert-file. --tls-sni-cert-key namedCertKey A pair of x509 certificate and private key file paths, optionally suffixed with a list of domain patterns which are fully qualified domain names, possibly with prefixed wildcard segments. If no domain patterns are provided, the names of the certificate are extracted. Non-wildcard matches trump over wildcard matches, explicit domain patterns trump over extracted names. For multiple key/certificate pairs, use the --tls-sni-cert-key multiple times. Examples: "example.crt,example.key" or "foo.crt,foo.key:*.foo.com,foo.com". (default []) -v, --v Level log level for V logs --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging

3. 应用所有配置文件到系统中

[root@k8s-master 1.8+]# kubectl apply -f .
clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader created
clusterrolebinding.rbac.authorization.k8s.io/metrics-server:system:auth-delegator created rolebinding.rbac.authorization.k8s.io/metrics-server-auth-reader created apiservice.apiregistration.k8s.io/v1beta1.metrics.k8s.io created serviceaccount/metrics-server created deployment.extensions/metrics-server created service/metrics-server created clusterrole.rbac.authorization.k8s.io/system:metrics-server created clusterrolebinding.rbac.authorization.k8s.io/system:metrics-server created

过个一两分钟(下载镜像和获取数据都会耗时)检查metrics-server的状态

[root@k8s-master 1.8+]# kubectl get po -n kube-system
NAME                                 READY   STATUS    RESTARTS   AGE
calico-node-b78m4                    1/1     Running   0 176m calico-node-r5mlj 1/1 Running 0 3h6m calico-node-z5tdh 1/1 Running 0 176m coredns-fb8b8dccf-6mgks 1/1 Running 0 3h21m coredns-fb8b8dccf-cbtlx 1/1 Running 0 3h21m etcd-k8s-master 1/1 Running 0 3h20m kube-apiserver-k8s-master 1/1 Running 0 3h20m kube-controller-manager-k8s-master 1/1 Running 0 3h20m kube-proxy-c9xd2 1/1 Running 0 3h21m kube-proxy-fp2r2 1/1 Running 0 176m kube-proxy-lrsw7 1/1 Running 0 176m kube-scheduler-k8s-master 1/1 Running 0 3h20m metrics-server-7579f696d8-pgcc4 1/1 Running 0 99s [root@k8s-master 1.8+]# kubectl top node NAME CPU(cores) CPU% MEMORY(bytes) MEMORY% k8s-master 179m 8% 1660Mi 43% k8s-node1 81m 4% 908Mi 23% k8s-node2 78m 3% 1036Mi 26%

看的出来,metrics-server已经正常running,并且能够获取节点的信息。

转载于:https://www.cnblogs.com/fuyuteng/p/10904528.html

kubernetes 1.14安装部署metrics-server插件相关推荐

  1. kubernetes 1.14安装部署helm插件

    简单介绍: Helm其实就是一个基于Kubernetes的程序包(资源包)管理器,它将一个应用的相关资源组织成为Charts,并通过Charts管理程序包.再简单点说,可以当做RHEL/CentOS系 ...

  2. kubernetes 1.14安装部署dashboard

    简单介绍: Dashboard是一个基于web的Kubernetes用户界面.您可以使用Dashboard将容器化应用程序部署到Kubernetes集群,对容器化应用程序进行故障诊断,并管理集群资源. ...

  3. Kubernetes 生产环境安装部署 基于 Kubernetes v1.14.0 之 etcd集群

    说明:没有明确注明在某台服务器,都是在k8s-operation 工作服务器完成 K8S node 节点数大于2000 节点 k8s-operation 目录规划,工作目录/apps/work/k8s ...

  4. k8s 1.14部署metrics server显示running但是报ServiceUnavailable错误

    k8s 1.14部署metrics server显示running但是报ServiceUnavailable错误 查看metrics server日志: [root@master metrics-se ...

  5. 安装部署Exchange Server 2010 CAS NLB MailBox DAG

    安装部署Exchange Server 2010 CAS NLB & MailBox DAG 注:本文档描写了安装部署Exchange Server 2010 NLB+DAG方面的操作步骤,如 ...

  6. 「数据库」Linux服务安装部署SQL Server -外网安全远程连接【端口映射】

    文章目录 1. 安装sql server 2. 局域网测试连接 3. 安装cpolar内网穿透 4. 将sqlserver映射到公网 5. 公网远程连接 6.固定连接公网地址 7.使用固定公网地址连接 ...

  7. Kubernetes 【监控】1. Metrics Server、Aggregator APIServer和Prometheus监控体系

    文章目录 1. 背景 2. 简介 3. 监控对象类型 4. Metrics Server简介 5. Metrics Server部署 5.1 下载并解压Metrics-Server 5.2 修改Met ...

  8. 《微软文档管理解决方案2007》之一:安装部署 - [SharePoint Server]

    微软在2007年底发布了几个基于MOSS 2007的解决方案(具体参看:http://bbs.msotec.net/ShowForum.aspx?ForumID=39). 最近就其中的"微软 ...

  9. day95-容器编排-kubernetes介绍与安装部署

    kubernetes 一.容器编排工具 docker machine docker compose docker swarm docker service docker stack kubernete ...

  10. 云原生|kubernetes|centos下安装部署kubeapps以及简单的使用示例

    前言: kubeapps是Bitnami公司的一个项目,其目的是为Kubernetes的使用者们提供已经打包好的应用仪表盘,它拥有网页界面可以更方便的部署和管理k8s 原生应用. 包含绝大多数的云原生 ...

最新文章

  1. new Date() 在 ie 浏览器中兼容性的问题
  2. PYthon3:函数实现“自动售卖机”功能
  3. 如何跟程序员谈一场没有Bug的恋爱
  4. C#异常处理机制初步
  5. Android Studio 选项菜单和动画结合_Android 应用与iOS 应用之间的设计差异对比!
  6. 工作中遇到的错误记录
  7. 状态机finite-state machine学习笔记2——按键消抖初步(1)
  8. 专访李运华:程序员如何在技术上提升自己
  9. android studio闹钟小程序,闹钟应用程序Android Studio
  10. 注意力机制在视觉中的实战
  11. 阿里云服务器Ubuntu系统搭建mqtt服务器
  12. 从PLC ,PAC ,到施耐德的自动化开放系统
  13. 微信任务(投票)分发平台
  14. P问题、NP问题、NP完全问题和NP-hard问题
  15. Java培训机构哪家好,不靠谱的有哪些
  16. C#蓝牙链接+传输文件
  17. 谷歌浏览器那些有趣的隐藏功能
  18. c语言循环队列的销毁,C语言循环队列
  19. 手机图片中文翻译为英文
  20. 【附源码】计算机毕业设计java学生档案管理系统设计与实现

热门文章

  1. java文件编译后,出现xx$1.class的原因
  2. git回滚到某个版本操作
  3. python三级菜单的实现
  4. SSIS高级转换任务—导出列
  5. java.lang.IllegalArgumentException: No enum constant org.apache.ws.commons.schema.XmlSchemaForm.
  6. esp32-智能语音-mp3(sdcard)
  7. ios换肤思想,及工具类
  8. 多线程开发必须知道的概念
  9. c#中动态调用webService
  10. Java开发笔记(一百三十五)Swing的文件对话框