kubernetes 1.14安装部署metrics-server插件
简单介绍:
如果使用kubernetes的自动扩容功能的话,那首先得有一个插件,然后该插件将收集到的信息(cpu、memory..)与自动扩容的设置的值进行比对,自动调整pod数量。关于该插件,在kubernetes的早些版本中采用的是heapster,1.13版本正式发布后,丢弃了heapster,官方推荐采用metrics-sever。
测试环境:
部署的集群环境,如下:
System | Hostname | IP |
CentOS 7.6 | k8s-master | 192.168.71.134 |
CentOS 7.6 | k8s-node1 | 192.168.71.135 |
CentOS 7.6 | k8s-node2 | 138.138.82.136 |
操作步骤:
1. 下载相关yaml文件
https://github.com/kubernetes-incubator/metrics-server
~]# git clone https://github.com/kubernetes-incubator/metrics-server.git
[root@k8s-master ~]# cd metrics-server/deploy/1.8+/ [root@k8s-master 1.8+]# ll 总用量 28 -rw-r--r-- 1 root root 384 4月 28 09:46 aggregated-metrics-reader.yaml -rw-r--r-- 1 root root 308 4月 28 09:46 auth-delegator.yaml -rw-r--r-- 1 root root 329 4月 28 09:46 auth-reader.yaml -rw-r--r-- 1 root root 298 4月 28 09:46 metrics-apiservice.yaml -rw-r--r-- 1 root root 815 4月 28 09:46 metrics-server-deployment.yaml -rw-r--r-- 1 root root 291 4月 28 09:46 metrics-server-service.yaml -rw-r--r-- 1 root root 502 4月 28 09:46 resource-reader.yaml
2. 修改其中的metrics-server-deployment.yaml文件(用红色标亮处)
--- apiVersion: v1 kind: ServiceAccount metadata:name: metrics-servernamespace: kube-system --- apiVersion: extensions/v1beta1 kind: Deployment metadata:name: metrics-server namespace: kube-system labels: k8s-app: metrics-server spec: selector: matchLabels: k8s-app: metrics-server template: metadata: name: metrics-server labels: k8s-app: metrics-server spec: serviceAccountName: metrics-server volumes: # mount in tmp so we can safely use from-scratch images and/or read-only containers - name: tmp-dir emptyDir: {} containers: - name: metrics-server image: mirrorgooglecontainers/metrics-server-amd64:v0.3.2 # image: k8s.gcr.io/metrics-server-amd64:v0.3.2 imagePullPolicy: IfNotPresent command: - /metrics-server - --kubelet-preferred-address-types=InternalIP - --kubelet-insecure-tls volumeMounts: - name: tmp-dir mountPath: /tmp
注意:以上修改了3个地方:①是被墙的镜像;②镜像拉取策略;③添加命令和相关参数;
如果不修改command区域的参数则会报如下错误:
E0428 19:35:05.894325 1 manager.go:111] unable to fully collect metrics: [unable to fully scrape metrics from source kubelet_summary:k8s-node2: unable to fetch metrics from Kubelet k8s-node2 (138.138.82.16): Get https://138.138.82.16:10250/stats/summary/: x509: cannot validate certificate for 138.138.82.16 because it doesn't contain any IP SANs, unable to fully scrape metrics from source kubelet_summary:k8s-node1: unable to fetch metrics from Kubelet k8s-node1 (138.138.82.15): Get https://138.138.82.15:10250/stats/summary/: x509: cannot validate certificate for 138.138.82.15 because it doesn't contain any IP SANs, unable to fully scrape metrics from source kubelet_summary:k8s-master: unable to fetch metrics from Kubelet k8s-master (138.138.82.14): Get https://138.138.82.14:10250/stats/summary/: x509: cannot validate certificate for 138.138.82.14 because it doesn't contain any IP SANs]
附上metrcs-server命令参数详解:
Usage:[flags]Flags:--alsologtostderr log to standard error as well as files--authentication-kubeconfig string kubeconfig file pointing at the 'core' kubernetes server with enough rights to create tokenaccessreviews.authentication.k8s.io. --authentication-skip-lookup If false, the authentication-kubeconfig will be used to lookup missing authentication configuration from the cluster. --authentication-token-webhook-cache-ttl duration The duration to cache responses from the webhook token authenticator. (default 10s) --authorization-kubeconfig string kubeconfig file pointing at the 'core' kubernetes server with enough rights to create subjectaccessreviews.authorization.k8s.io. --authorization-webhook-cache-authorized-ttl duration The duration to cache 'authorized' responses from the webhook authorizer. (default 10s) --authorization-webhook-cache-unauthorized-ttl duration The duration to cache 'unauthorized' responses from the webhook authorizer. (default 10s) --bind-address ip The IP address on which to listen for the --secure-port port. The associated interface(s) must be reachable by the rest of the cluster, and by CLI/web clients. If blank, all interfaces will be used (0.0.0.0 for all IPv4 interfaces and :: for all IPv6 interfaces). (default 0.0.0.0) --cert-dir string The directory where the TLS certs are located. If --tls-cert-file and --tls-private-key-file are provided, this flag will be ignored. (default "apiserver.local.config/certificates") --client-ca-file string If set, any request presenting a client certificate signed by one of the authorities in the client-ca-file is authenticated with an identity corresponding to the CommonName of the client certificate. --contention-profiling Enable lock contention profiling, if profiling is enabled --enable-swagger-ui Enables swagger ui on the apiserver at /swagger-ui -h, --help help for this command --http2-max-streams-per-connection int The limit that the server gives to clients for the maximum number of streams in an HTTP/2 connection. Zero means to use golang's default. --kubeconfig string The path to the kubeconfig used to connect to the Kubernetes API server and the Kubelets (defaults to in-cluster config) --kubelet-certificate-authority string Path to the CA to use to validate the Kubelet's serving certificates. --kubelet-insecure-tls Do not verify CA of serving certificates presented by Kubelets. For testing purposes only. --kubelet-port int The port to use to connect to Kubelets. (default 10250) --kubelet-preferred-address-types strings The priority of node address types to use when determining which address to use to connect to a particular node (default [Hostname,InternalDNS,InternalIP,ExternalDNS,ExternalIP]) --log-flush-frequency duration Maximum number of seconds between log flushes (default 5s) --log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0) --log_dir string If non-empty, write log files in this directory --logtostderr log to standard error instead of files (default true) --metric-resolution duration The resolution at which metrics-server will retain metrics. (default 1m0s) --profiling Enable profiling via web interface host:port/debug/pprof/ (default true) --requestheader-allowed-names strings List of client certificate common names to allow to provide usernames in headers specified by --requestheader-username-headers. If empty, any client certificate validated by the authorities in --requestheader-client-ca-file is allowed. --requestheader-client-ca-file string Root certificate bundle to use to verify client certificates on incoming requests before trusting usernames in headers specified by --requestheader-username-headers. WARNING: generally do not depend on authorization being already done for incoming requests. --requestheader-extra-headers-prefix strings List of request header prefixes to inspect. X-Remote-Extra- is suggested. (default [x-remote-extra-]) --requestheader-group-headers strings List of request headers to inspect for groups. X-Remote-Group is suggested. (default [x-remote-group]) --requestheader-username-headers strings List of request headers to inspect for usernames. X-Remote-User is common. (default [x-remote-user]) --secure-port int The port on which to serve HTTPS with authentication and authorization. If 0, don't serve HTTPS at all. (default 443) --stderrthreshold severity logs at or above this threshold go to stderr (default 2) --tls-cert-file string File containing the default x509 Certificate for HTTPS. (CA cert, if any, concatenated after server cert). If HTTPS serving is enabled, and --tls-cert-file and --tls-private-key-file are not provided, a self-signed certificate and key are generated for the public address and saved to the directory specified by --cert-dir. --tls-cipher-suites strings Comma-separated list of cipher suites for the server. If omitted, the default Go cipher suites will be use. Possible values: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_RC4_128_SHA --tls-min-version string Minimum TLS version supported. Possible values: VersionTLS10, VersionTLS11, VersionTLS12 --tls-private-key-file string File containing the default x509 private key matching --tls-cert-file. --tls-sni-cert-key namedCertKey A pair of x509 certificate and private key file paths, optionally suffixed with a list of domain patterns which are fully qualified domain names, possibly with prefixed wildcard segments. If no domain patterns are provided, the names of the certificate are extracted. Non-wildcard matches trump over wildcard matches, explicit domain patterns trump over extracted names. For multiple key/certificate pairs, use the --tls-sni-cert-key multiple times. Examples: "example.crt,example.key" or "foo.crt,foo.key:*.foo.com,foo.com". (default []) -v, --v Level log level for V logs --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
3. 应用所有配置文件到系统中
[root@k8s-master 1.8+]# kubectl apply -f . clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader created clusterrolebinding.rbac.authorization.k8s.io/metrics-server:system:auth-delegator created rolebinding.rbac.authorization.k8s.io/metrics-server-auth-reader created apiservice.apiregistration.k8s.io/v1beta1.metrics.k8s.io created serviceaccount/metrics-server created deployment.extensions/metrics-server created service/metrics-server created clusterrole.rbac.authorization.k8s.io/system:metrics-server created clusterrolebinding.rbac.authorization.k8s.io/system:metrics-server created
过个一两分钟(下载镜像和获取数据都会耗时)检查metrics-server的状态
[root@k8s-master 1.8+]# kubectl get po -n kube-system NAME READY STATUS RESTARTS AGE calico-node-b78m4 1/1 Running 0 176m calico-node-r5mlj 1/1 Running 0 3h6m calico-node-z5tdh 1/1 Running 0 176m coredns-fb8b8dccf-6mgks 1/1 Running 0 3h21m coredns-fb8b8dccf-cbtlx 1/1 Running 0 3h21m etcd-k8s-master 1/1 Running 0 3h20m kube-apiserver-k8s-master 1/1 Running 0 3h20m kube-controller-manager-k8s-master 1/1 Running 0 3h20m kube-proxy-c9xd2 1/1 Running 0 3h21m kube-proxy-fp2r2 1/1 Running 0 176m kube-proxy-lrsw7 1/1 Running 0 176m kube-scheduler-k8s-master 1/1 Running 0 3h20m metrics-server-7579f696d8-pgcc4 1/1 Running 0 99s [root@k8s-master 1.8+]# kubectl top node NAME CPU(cores) CPU% MEMORY(bytes) MEMORY% k8s-master 179m 8% 1660Mi 43% k8s-node1 81m 4% 908Mi 23% k8s-node2 78m 3% 1036Mi 26%
看的出来,metrics-server已经正常running,并且能够获取节点的信息。
转载于:https://www.cnblogs.com/fuyuteng/p/10904528.html
kubernetes 1.14安装部署metrics-server插件相关推荐
- kubernetes 1.14安装部署helm插件
简单介绍: Helm其实就是一个基于Kubernetes的程序包(资源包)管理器,它将一个应用的相关资源组织成为Charts,并通过Charts管理程序包.再简单点说,可以当做RHEL/CentOS系 ...
- kubernetes 1.14安装部署dashboard
简单介绍: Dashboard是一个基于web的Kubernetes用户界面.您可以使用Dashboard将容器化应用程序部署到Kubernetes集群,对容器化应用程序进行故障诊断,并管理集群资源. ...
- Kubernetes 生产环境安装部署 基于 Kubernetes v1.14.0 之 etcd集群
说明:没有明确注明在某台服务器,都是在k8s-operation 工作服务器完成 K8S node 节点数大于2000 节点 k8s-operation 目录规划,工作目录/apps/work/k8s ...
- k8s 1.14部署metrics server显示running但是报ServiceUnavailable错误
k8s 1.14部署metrics server显示running但是报ServiceUnavailable错误 查看metrics server日志: [root@master metrics-se ...
- 安装部署Exchange Server 2010 CAS NLB MailBox DAG
安装部署Exchange Server 2010 CAS NLB & MailBox DAG 注:本文档描写了安装部署Exchange Server 2010 NLB+DAG方面的操作步骤,如 ...
- 「数据库」Linux服务安装部署SQL Server -外网安全远程连接【端口映射】
文章目录 1. 安装sql server 2. 局域网测试连接 3. 安装cpolar内网穿透 4. 将sqlserver映射到公网 5. 公网远程连接 6.固定连接公网地址 7.使用固定公网地址连接 ...
- Kubernetes 【监控】1. Metrics Server、Aggregator APIServer和Prometheus监控体系
文章目录 1. 背景 2. 简介 3. 监控对象类型 4. Metrics Server简介 5. Metrics Server部署 5.1 下载并解压Metrics-Server 5.2 修改Met ...
- 《微软文档管理解决方案2007》之一:安装部署 - [SharePoint Server]
微软在2007年底发布了几个基于MOSS 2007的解决方案(具体参看:http://bbs.msotec.net/ShowForum.aspx?ForumID=39). 最近就其中的"微软 ...
- day95-容器编排-kubernetes介绍与安装部署
kubernetes 一.容器编排工具 docker machine docker compose docker swarm docker service docker stack kubernete ...
- 云原生|kubernetes|centos下安装部署kubeapps以及简单的使用示例
前言: kubeapps是Bitnami公司的一个项目,其目的是为Kubernetes的使用者们提供已经打包好的应用仪表盘,它拥有网页界面可以更方便的部署和管理k8s 原生应用. 包含绝大多数的云原生 ...
最新文章
- new Date() 在 ie 浏览器中兼容性的问题
- PYthon3:函数实现“自动售卖机”功能
- 如何跟程序员谈一场没有Bug的恋爱
- C#异常处理机制初步
- Android Studio 选项菜单和动画结合_Android 应用与iOS 应用之间的设计差异对比!
- 工作中遇到的错误记录
- 状态机finite-state machine学习笔记2——按键消抖初步(1)
- 专访李运华:程序员如何在技术上提升自己
- android studio闹钟小程序,闹钟应用程序Android Studio
- 注意力机制在视觉中的实战
- 阿里云服务器Ubuntu系统搭建mqtt服务器
- 从PLC ,PAC ,到施耐德的自动化开放系统
- 微信任务(投票)分发平台
- P问题、NP问题、NP完全问题和NP-hard问题
- Java培训机构哪家好,不靠谱的有哪些
- C#蓝牙链接+传输文件
- 谷歌浏览器那些有趣的隐藏功能
- c语言循环队列的销毁,C语言循环队列
- 手机图片中文翻译为英文
- 【附源码】计算机毕业设计java学生档案管理系统设计与实现
热门文章
- java文件编译后,出现xx$1.class的原因
- git回滚到某个版本操作
- python三级菜单的实现
- SSIS高级转换任务—导出列
- java.lang.IllegalArgumentException: No enum constant org.apache.ws.commons.schema.XmlSchemaForm.
- esp32-智能语音-mp3(sdcard)
- ios换肤思想,及工具类
- 多线程开发必须知道的概念
- c#中动态调用webService
- Java开发笔记(一百三十五)Swing的文件对话框