基于 Kubernetes v1.14.0 之 metrics-server 部署

1、部署准备

说明：所有的容器组都运行在kube-system 命名空间
本文参考https://github.com/kubernetes-incubator/metrics-server
创建metrics-server  运行的label
kubectl label nodes  k8s-node-01  metrics=yes
kubectl label nodes  k8s-node-02  metrics=yes
metrics-server  版本为最新v0.3.3

2、metrics-server 服务相关yaml

2.1 aggregated-metrics-reader

vi aggregated-metrics-reader.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: system:aggregated-metrics-reader
  labels:
    rbac.authorization.k8s.io/aggregate-to-view: "true"
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
- apiGroups: ["metrics.k8s.io"]
  resources: ["pods"]
  verbs: ["get", "list", "watch"]

2.2 auth-delegator

vi auth-delegator.yaml
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: metrics-server:system:auth-delegator
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:auth-delegator
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system

2.3 auth-reader

vi auth-reader.yaml
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: metrics-server-auth-reader
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system

2.4 metrics-apiservice

vi metrics-apiservice.yaml
---
apiVersion: apiregistration.k8s.io/v1beta1
kind: APIService
metadata:
  name: v1beta1.metrics.k8s.io
spec:
  service:
    name: metrics-server
    namespace: kube-system
  group: metrics.k8s.io
  version: v1beta1
  insecureSkipTLSVerify: true
  groupPriorityMinimum: 100
  versionPriority: 100

2.5 metrics-server-deployment

vi metrics-server-deployment.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: metrics-server
  namespace: kube-system
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: metrics-server
  namespace: kube-system
  labels:
    k8s-app: metrics-server
spec:
  selector:
    matchLabels:
      k8s-app: metrics-server
  template:
    metadata:
      name: metrics-server
      labels:
        k8s-app: metrics-server
    spec:
      serviceAccountName: metrics-server
      tolerations:
        - effect: NoSchedule
          key: node.kubernetes.io/unschedulable
          operator: Exists
        - key: NoSchedule
          operator: Exists
          effect: NoSchedule
      volumes:
      # mount in tmp so we can safely use from-scratch images and/or read-only containers
      - name: tmp-dir
        emptyDir: {}
      containers:
      - name: metrics-server
        image: juestnow/metrics-server-amd64:v0.3.3
        imagePullPolicy: Always
        command:
        - /metrics-server
        - --kubelet-preferred-address-types=InternalIP,Hostname,InternalDNS,ExternalDNS,ExternalIP
        - --kubelet-insecure-tls
        volumeMounts:
        - name: tmp-dir
          mountPath: /tmp
      nodeSelector:
        metrics: "yes"

2.6 metrics-server-service

vi metrics-server-service.yaml
---
apiVersion: v1
kind: Service
metadata:
  name: metrics-server
  namespace: kube-system
  labels:
    kubernetes.io/name: "Metrics-server"
spec:
  selector:
    k8s-app: metrics-server
  ports:
  - port: 443
    protocol: TCP
    targetPort: 443

2.7 resource-reader

vi resource-reader.yaml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: system:metrics-server
rules:
- apiGroups:
  - ""
  resources:
  - pods
  - nodes
  - nodes/stats
  verbs:
  - get
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: system:metrics-server
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:metrics-server
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system

3、执行生成yaml 文件

kubectl apply -f .

4、验证metrics-server 状态

[root@jenkins metrics-server]# kubectl get pod -A | grep metrics-server
kube-system      metrics-server-5b98cf887-kmc6z              1/1     Running   0          18m
[root@jenkins metrics-server]# kubectl get service -A | grep metrics-server   
kube-system   metrics-server              ClusterIP   10.64.53.220    <none>        443/TCP                  34d
https://10.64.53.220
返回json 内容正常
验证pod node cpu内存使用率 新版k8s 已经使用metrics-server 作为监控不在使用heapster监控cpu内存等
返回正常数据证明 metrics-server  一切正常当然我们可以给 metrics-server 签发证书现在默认是自动生成的证书
[root@jenkins metrics-server]# kubectl top pods
NAME                                      CPU(cores)   MEMORY(bytes)   
myip-7ddc5b85f4-69jlx                     0m           10Mi            
myip-7ddc5b85f4-6h47f                     0m           6Mi             
myip-7ddc5b85f4-9wxd4                     0m           6Mi             
nginx-controller-7f548944c-92zv9          0m           6Mi             
redis-redis-ha-sentinel-c59957dc9-45hk6   2m           12Mi            
redis-redis-ha-sentinel-c59957dc9-qp4h6   8m           9Mi             
redis-redis-ha-server-78f9bd8b6d-ddnhk    8m           12Mi            
redis-redis-ha-server-78f9bd8b6d-q6lvz    4m           14Mi            
sample-app-855d8f8998-26hjr               0m           27Mi            
sample-app-855d8f8998-2pdwx               0m           31Mi            
sample-app-855d8f8998-82hkg               0m           29Mi            
sample-app-855d8f8998-xxknh               0m           69Mi            
[root@jenkins metrics-server]# kubectl top node
NAME      CPU(cores)   CPU%   MEMORY(bytes)   MEMORY%   
nginx-1   199m         7%     4292Mi          74%       
nginx-2   192m         7%     1639Mi          27%       
node01    143m         5%     2289Mi          38%       
node02    295m         11%    6317Mi          106%      
node03    375m         15%    3825Mi          66%       

下一篇： Kubernetes 生产环境安装部署 基于 Kubernetes v1.14.0 之 prometheus-operator 部署

转载于:https://blog.51cto.com/juestnow/2409880