Metrics-server se usa para monitorear el uso de CPU y memoria de nodos, pods, etc. (el escalado elástico de hpa depende del complemento del servidor de métricas)
1.13.0, crear un certificado de servidor de métricas y una clave privada
k8s-01:~
k8s-01:/opt/k8s/ssl
k8s-01:/opt/k8s/ssl
{
"CN" : "aggregator" ,
"hosts" : [
] ,
"key" : {
"algo" : "rsa" ,
"size" : 2048
} ,
"names" : [
{
"C" : "CN" ,
"ST" : "ShangHai" ,
"L" : "ShangHai" ,
"O" : "k8s" ,
"OU" : "bandian"
}
]
}
EOF
1.13.1, generar certificado de servidor de métricas y clave privada
k8s-01:/opt/k8s/ssl
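# NOTE(review): the opening line of this command (the signing tool invocation
# and any earlier flags) is missing from the page; restore it from the original
# guide before running. The flags below must not have a space after "=",
# otherwise the tool receives an empty value followed by a stray argument.
# ca-key.pem is the cluster CA private key: run this only on the host that
# holds the CA, and keep that key readable by root alone.
  -ca-key=/opt/k8s/ssl/ca-key.pem \
  -config=/opt/k8s/ssl/ca-config.json \
  -profile=kubernetes metrics-server-csr.json | cfssljson -bare metrics-server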
1.13.2, configuración de agregación abierta de kube-apiserver
En el archivo kube-apiserver.service, agregue el siguiente contenido para habilitar la agregación (esta operación requiere reiniciar el componente kube-apiserver más tarde, y se recomienda habilitar la agregación al implementar kube-apiserver)
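# Aggregation-layer flags to append to the kube-apiserver ExecStart flag list.
# (Drop these comment lines when pasting into the middle of the continuation.)
# Security note: --requestheader-client-ca-file points at the same ca.pem that
# the full unit on this page gives to --client-ca-file. Kubernetes guidance is
# to use a dedicated CA for the request-header proxy: with a shared CA, any
# certificate that CA issues with CN "aggregator" is trusted to assert
# arbitrary users and groups through the X-Remote-* headers.
# metrics-server-key.pem is a private key; keep it readable by root only.
--proxy-client-cert-file=/etc/kubernetes/cert/metrics-server.pem \\
--proxy-client-key-file=/etc/kubernetes/cert/metrics-server-key.pem \\
--requestheader-client-ca-file=/etc/kubernetes/cert/ca.pem \\
--requestheader-allowed-names=aggregator \\
--requestheader-extra-headers-prefix="X-Remote-Extra-" \\
--requestheader-group-headers=X-Remote-Group \\
--requestheader-username-headers=X-Remote-User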
Para mayor comodidad, vuelva a crear el archivo kube-apiserver.service (preste atención a su propio archivo de servicio kube-apiserver, no copie y pegue mi archivo de configuración directamente)
k8s-01:~
k8s-01:/opt/k8s/conf
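# Template for kube-apiserver.service. It appears to be written through a shell
# heredoc (see the closing EOF), so the brace variables are filled in by the
# shell and each doubled backslash becomes one systemd line continuation.
# The NODE_IP placeholder (wrapped in double hashes) on --advertise-address and
# --bind-address is the token that the distribution step replaces with sed; the
# extracted page had dropped it together with the trailing continuation.
#
# Security notes for reviewers:
# - --requestheader-client-ca-file reuses the CA given to --client-ca-file.
#   Kubernetes guidance is to use a separate CA for the request-header proxy;
#   with a shared CA, any certificate it issues with CN "aggregator" is trusted
#   to set X-Remote-User and X-Remote-Group.
# - The --audit-log-* flags only configure the log file. No --audit-policy-file
#   is set here, and without a policy no audit events are recorded.
# - --token-auth-file holds static bearer tokens that do not expire and need an
#   API server restart to change; keep the file root-only.
# - --allow-privileged=true lets pods request privileged mode; constrain that
#   with an admission policy.
# - kubernetes.pem / kubernetes-key.pem serve as the TLS serving pair, the
#   kubelet client pair and the etcd client pair at once, so one leaked key
#   exposes all three trust relationships. Separate pairs limit the blast radius.
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target

[Service]
WorkingDirectory=${K8S_DIR}/kube-apiserver
ExecStart=/opt/k8s/bin/kube-apiserver \\
  --v=2 \\
  --advertise-address=##NODE_IP## \\
  --secure-port=6443 \\
  --bind-address=##NODE_IP## \\
  --etcd-servers=${ETCD_ENDPOINTS} \\
  --allow-privileged=true \\
  --service-cluster-ip-range=${SERVICE_CIDR} \\
  --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota,NodeRestriction \\
  --authorization-mode=RBAC,Node \\
  --enable-bootstrap-token-auth=true \\
  --token-auth-file=/etc/kubernetes/cert/token.csv \\
  --service-node-port-range=${NODE_PORT_RANGE} \\
  --kubelet-client-certificate=/etc/kubernetes/cert/kubernetes.pem \\
  --kubelet-client-key=/etc/kubernetes/cert/kubernetes-key.pem \\
  --tls-cert-file=/etc/kubernetes/cert/kubernetes.pem \\
  --tls-private-key-file=/etc/kubernetes/cert/kubernetes-key.pem \\
  --client-ca-file=/etc/kubernetes/cert/ca.pem \\
  --service-account-key-file=/etc/kubernetes/cert/ca.pem \\
  --etcd-cafile=/etc/kubernetes/cert/ca.pem \\
  --etcd-certfile=/etc/kubernetes/cert/kubernetes.pem \\
  --etcd-keyfile=/etc/kubernetes/cert/kubernetes-key.pem \\
  --audit-log-maxage=15 \\
  --audit-log-maxbackup=3 \\
  --audit-log-maxsize=100 \\
  --audit-log-truncate-enabled \\
  --audit-log-path=${K8S_DIR}/kube-apiserver/audit.log \\
  --proxy-client-cert-file=/etc/kubernetes/cert/metrics-server.pem \\
  --proxy-client-key-file=/etc/kubernetes/cert/metrics-server-key.pem \\
  --requestheader-client-ca-file=/etc/kubernetes/cert/ca.pem \\
  --requestheader-allowed-names=aggregator \\
  --requestheader-extra-headers-prefix="X-Remote-Extra-" \\
  --requestheader-group-headers=X-Remote-Group \\
  --requestheader-username-headers=X-Remote-User
Restart=on-failure
RestartSec=10
Type=notify
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target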
EOF
1.13.3. Distribuir archivos de configuración y claves secretas a otros nodos
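# Load cluster variables; MASTER_IPS is expected to be a bash array of master addresses.
source /opt/k8s/bin/k8s-env.sh

# Render one unit file per master by substituting the ##NODE_IP## placeholder.
# The bound follows the array length so this loop and the copy loop below
# always cover the same hosts.
for (( i = 0; i < ${#MASTER_IPS[@]}; i++ ))
do
  sed -e "s/##NODE_IP##/${MASTER_IPS[i]}/" /opt/k8s/conf/kube-apiserver.service.template > \
    "/opt/k8s/conf/kube-apiserver-${MASTER_IPS[i]}.service"
done

# Copy the aggregator client certificate, its private key and the rendered unit
# to every master. metrics-server-key.pem is a private key: confirm it is still
# readable by root only (mode 0600) on each target after the copy, and that the
# SSH host keys of the masters were verified before trusting these connections.
for host in "${MASTER_IPS[@]}"
do
  # Pass the host as a printf argument so it is never interpreted as a format string.
  printf "\e[1;34m%s\e[0m\n" "${host}"
  scp /opt/k8s/ssl/metrics-server*.pem "${host}:/etc/kubernetes/cert/"
  scp "/opt/k8s/conf/kube-apiserver-${host}.service" "${host}:/etc/systemd/system/kube-apiserver.service"
done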
1.13.4, reinicie todos los componentes de kube-apiserver
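# Load cluster variables; MASTER_IPS is expected to be a bash array of master addresses.
source /opt/k8s/bin/k8s-env.sh

# Restart kube-apiserver on each master in turn and print its "Active:" line.
# The loop moves on even when a host fails to restart, so read every status
# line before relying on the cluster; a failed unit shows up as something
# other than "active (running)".
for host in "${MASTER_IPS[@]}"
do
  # Pass the host as a printf argument so it is never interpreted as a format string.
  printf "\e[1;34m%s\e[0m\n" "${host}"
  ssh "root@${host}" "systemctl daemon-reload && \
    systemctl restart kube-apiserver && \
    systemctl status kube-apiserver | grep Active"
done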
1.13.5, descargue el archivo yaml
k8s-01:~
1.13.6, configurar el archivo yaml
Dado que hay mucho contenido en el yaml extraído de github que debe modificarse, el archivo yaml modificado se cargará a continuación y se puede usar directamente
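---
# Read-only access to the metrics.k8s.io API (pod and node metrics).
# The aggregate-to-* labels fold this rule into the built-in view, edit and
# admin ClusterRoles, so every subject bound to those roles can read metrics.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: system:aggregated-metrics-reader
  labels:
    rbac.authorization.k8s.io/aggregate-to-view: "true"
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
  - apiGroups: ["metrics.k8s.io"]
    resources: ["pods", "nodes"]
    verbs: ["get", "list", "watch"]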
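---
# Binds the built-in system:auth-delegator ClusterRole to the metrics-server
# ServiceAccount so it can delegate authentication and authorization checks
# (token and access reviews) to kube-apiserver. This is a cluster-wide grant;
# keep it limited to this one ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: metrics-server:system:auth-delegator
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:auth-delegator
subjects:
  - kind: ServiceAccount
    name: metrics-server
    namespace: kube-system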
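---
# Lets the metrics-server ServiceAccount use the built-in
# extension-apiserver-authentication-reader Role in kube-system, which is how
# an extension API server reads the request-header authentication settings
# published by kube-apiserver.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: metrics-server-auth-reader
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: extension-apiserver-authentication-reader
subjects:
  - kind: ServiceAccount
    name: metrics-server
    namespace: kube-system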
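---
# Registers the metrics.k8s.io group with the aggregation layer and routes it
# to the metrics-server Service in kube-system.
# NOTE(review): upstream manifests for metrics-server v0.3.6 register
# v1beta1.metrics.k8s.io with version v1beta1. The values below are kept as
# the page shows them; confirm that "beta1" was not lost in extraction,
# because the APIService name must be <version>.<group> and match what the
# backend actually serves.
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
  name: v1.metrics.k8s.io
spec:
  service:
    name: metrics-server
    namespace: kube-system
  group: metrics.k8s.io
  version: v1
  # Security: with insecureSkipTLSVerify set, kube-apiserver does not verify
  # the serving certificate of metrics-server, so the proxied connection is
  # not authenticated. For production, give metrics-server a serving
  # certificate from a known CA and set caBundle here instead.
  insecureSkipTLSVerify: true
  groupPriorityMinimum: 100
  versionPriority: 100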
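---
# Identity that the metrics-server pod runs as; the RBAC bindings in this
# manifest all name this ServiceAccount.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: metrics-server
  namespace: kube-system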
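---
# metrics-server Deployment. The page's copy had lost its indentation and had
# spaces injected into names, flags and the image reference; this is the same
# content re-indented as valid YAML.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: metrics-server
  namespace: kube-system
  labels:
    k8s-app: metrics-server
spec:
  selector:
    matchLabels:
      k8s-app: metrics-server
  template:
    metadata:
      name: metrics-server
      labels:
        k8s-app: metrics-server
    spec:
      serviceAccountName: metrics-server
      volumes:
        # Writable scratch space; the root filesystem is read-only below.
        - name: tmp-dir
          emptyDir: {}
      containers:
        - name: metrics-server
          # Supply chain: this pulls from a third-party mirror by mutable tag.
          # Pin the image by digest, verify it against the upstream release,
          # and check whether a maintained metrics-server release is available.
          image: registry.cn-hangzhou.aliyuncs.com/google_containers/metrics-server-amd64:v0.3.6
          imagePullPolicy: IfNotPresent
          args:
            # Serving certificate is generated into /tmp at start-up.
            - --cert-dir=/tmp
            - --secure-port=4443
            # Security: disables verification of kubelet serving certificates,
            # so scraped metrics come over an unauthenticated TLS channel.
            # Prefer kubelet serving certificates signed by a CA that is passed
            # with --kubelet-certificate-authority, then remove this flag.
            - --kubelet-insecure-tls
            - --kubelet-preferred-address-types=InternalIP,Hostname,InternalDNS,ExternalDNS,ExternalIP
          ports:
            - name: main-port
              containerPort: 4443
              protocol: TCP
          # Hardening already present: non-root UID and read-only root
          # filesystem. Consider also allowPrivilegeEscalation: false and
          # dropping all capabilities.
          securityContext:
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            runAsUser: 1000
          volumeMounts:
            - name: tmp-dir
              mountPath: /tmp
      nodeSelector:
        kubernetes.io/os: linux
        kubernetes.io/arch: "amd64"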
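---
# ClusterIP Service in front of metrics-server: port 443 forwards to the
# container port named main-port (4443 in the Deployment). This is the
# endpoint the APIService registration points kube-apiserver at.
apiVersion: v1
kind: Service
metadata:
  name: metrics-server
  namespace: kube-system
  labels:
    kubernetes.io/name: "Metrics-server"
    kubernetes.io/cluster-service: "true"
spec:
  selector:
    k8s-app: metrics-server
  ports:
    - port: 443
      protocol: TCP
      targetPort: main-port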
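---
# Core-API read permissions for metrics-server: get/list/watch on pods, nodes,
# nodes/stats, namespaces and configmaps.
# Least privilege: as a ClusterRole bound cluster-wide, the configmaps rule
# allows reading ConfigMaps in every namespace. Review whether that breadth is
# needed in your cluster, and keep secrets out of ConfigMaps.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: system:metrics-server
rules:
  - apiGroups:
      - ""
    resources:
      - pods
      - nodes
      - nodes/stats
      - namespaces
      - configmaps
    verbs:
      - get
      - list
      - watch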
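---
# Grants the system:metrics-server ClusterRole to the metrics-server
# ServiceAccount in kube-system, cluster-wide.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: system:metrics-server
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:metrics-server
subjects:
  - kind: ServiceAccount
    name: metrics-server
    namespace: kube-system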
k8s-01:~
1.13.7, verificar la función del servidor de métricas
El servidor de métricas tarda en iniciarse; tenga paciencia y espere de 1 a 3 minutos.
Si aparece una salida como la siguiente, el despliegue tuvo éxito.
Si no es así, consulte el registro con kubectl logs -n kube-system metrics-server-xxxx
k8s-01:~
NAME CPU( cores) CPU% MEMORY( bytes) MEMORY%
192.168.72.55 129m 6% 2232Mi 58%
192.168.72.56 119m 5% 1555Mi 40%
192.168.72.57 114m 5% 1425Mi 37%
192.168.72.58 31m 1% 711Mi 18%
192.168.72.59 28m 1% 733Mi 19%
k8s-01:~
NAMESPACE NAME CPU( cores) MEMORY( bytes)
kube-system coredns-689d7d9f49-s2qjn 2m 13Mi
kube-system coredns-689d7d9f49-vc9k4 3m 17Mi
kube-system metrics-server-666566b66d-jfl7v 2m 12Mi