Heapster是容器集群监控和性能分析工具,HPA、Dashborad、Kubectl top都依赖于heapster收集的数据。

但是Heapster从kubernetes 1.8以后已经被遗弃了...... 被metrics-server所替代......

kubernetes 1.11 中部署Heapster 1.5.4版本的过程

Heapster 部署yaml文件

apiVersion: v1

kind: ServiceAccount

metadata:

  name: heapster

  namespace: kube-system

---

kind: ClusterRoleBinding

apiVersion: rbac.authorization.k8s.io/v1

metadata:

  name: heapster

roleRef:

  apiGroup: rbac.authorization.k8s.io

  kind: ClusterRole

  name: system:heapster

subjects:

- kind: ServiceAccount

  name: heapster

  namespace: kube-system

---

apiVersion: apps/v1

kind: Deployment

metadata:

  name: heapster

  namespace: kube-system

spec:

  replicas: 1

  selector:

      matchLabels:

        k8s-app: heapster

  template:

    metadata:

      labels:

        task: monitoring

        k8s-app: heapster

    spec:

      serviceAccountName: heapster

      containers:

      - name: heapster

        # image: k8s.gcr.io/heapster-amd64:v1.5.4 将默认google的官方镜像替换为阿里云镜像,否则你懂得

        image: registry.cn-hangzhou.aliyuncs.com/google_containers/heapster-amd64:v1.5.4

        command:

        - /heapster

        - --source=kubernetes:https://kubernetes.default?useServiceAccount=true&kubeletHttps=true&kubeletPort=10250&insecure=true

---

apiVersion: v1

kind: Service

metadata:

  labels:

    task: monitoring

    # For use as a Cluster add-on (https://github.com/kubernetes/kubernetes/tree/master/cluster/addons)

    # If you are NOT using this as an add-on, you should comment out this line.

    kubernetes.io/cluster-service: 'true'

    kubernetes.io/name: Heapster

  name: heapster

  namespace: kube-system

spec:

  ports:

  - port: 80

    targetPort: 8082

  selector:

    k8s-app: heapster

heapster.yaml

heapster 启动参数说明:

  • inClusterConfig - Use kube config in service accounts associated with Heapster's namespace. (default: true)
  • kubeletPort - kubelet port to use (default: 10255)
  • kubeletHttps - whether to use https to connect to kubelets (default: false)
  • insecure - whether to trust Kubernetes certificates (default: false)
  • auth - client auth file to use. Set auth if the service accounts are not usable.
  • useServiceAccount - whether to use the service account token if one is mounted at /var/run/secrets/kubernetes.io/serviceaccount/token (default: false)

使用: kubectl apply -f heapster.yaml 部署

部署后查看log日志,发现一直提示“403 Forbidden”, response: "Forbidden (user=system:serviceaccount:kube-system:heapster, verb=create, resource=nodes, subresource=stats)"

[root@node01 heapster-yaml]# kubectl logs --namespace=kube-system heapster-868d5cd7f-855k7

I0912 14:36:48.175115       1 heapster.go:78] /heapster --source=kubernetes:https://kubernetes.default?useServiceAccount=true&kubeletHttps=true&kubeletPort=10250&insecure=true

I0912 14:36:48.175174       1 heapster.go:79] Heapster version v1.5.4

I0912 14:36:48.175366       1 configs.go:61] Using Kubernetes client with master "https://kubernetes.default" and version v1

I0912 14:36:48.175393       1 configs.go:62] Using kubelet port 10250

I0912 14:36:48.185828       1 heapster.go:202] Starting with Metric Sink

I0912 14:36:48.199515       1 heapster.go:112] Starting heapster on port 8082

E0912 14:37:05.000327       1 kubelet.go:288] node node01 is not ready

E0912 14:38:05.016044       1 manager.go:101] Error in scraping containers from kubelet:172.16.65.181:10250: failed to get all container stats from Kubelet URL "https://172.16.65.181:10250/stats/container/": request failed - "403 Forbidden", response: "Forbidden (user=system:serviceaccount:kube-system:heapster, verb=create, resource=nodes, subresource=stats)"

W0912 14:38:25.000643       1 manager.go:152] Failed to get all responses in time (got 0/1)

E0912 14:39:05.008534       1 manager.go:101] Error in scraping containers from kubelet:172.16.65.181:10250: failed to get all container stats from Kubelet URL "https://172.16.65.181:10250/stats/container/": request failed - "403 Forbidden", response: "Forbidden (user=system:serviceaccount:kube-system:heapster, verb=create, resource=nodes, subresource=stats)"

W0912 14:39:25.000674       1 manager.go:152] Failed to get all responses in time (got 0/1)

E0912 14:40:05.009955       1 manager.go:101] Error in scraping containers from kubelet:172.16.65.181:10250: failed to get all container stats from Kubelet URL "https://172.16.65.181:10250/stats/container/": request failed - "403 Forbidden", response: "Forbidden (user=system:serviceaccount:kube-system:heapster, verb=create, resource=nodes, subresource=stats)"

W0912 14:40:25.001231       1 manager.go:152] Failed to get all responses in time (got 0/1)

E0912 14:41:05.017198       1 manager.go:101] Error in scraping containers from kubelet:172.16.65.181:10250: failed to get all container stats from Kubelet URL "https://172.16.65.181:10250/stats/container/": request failed - "403 Forbidden", response: "Forbidden (user=system:serviceaccount:kube-system:heapster, verb=create, resource=nodes, subresource=stats)"

W0912 14:41:25.000846       1 manager.go:152] Failed to get all responses in time (got 0/1)

查看ClusterRole: system:heapster的权限,发现的确没有针对Resource: nodes/stats 的create权限

[root@node01 heapster-yaml]# kubectl describe clusterrole system:heapster

Name:         system:heapster

Labels:       kubernetes.io/bootstrapping=rbac-defaults

Annotations:  kubectl.kubernetes.io/last-applied-configuration={"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRole","metadata":{"annotations":{"rbac.authorization.kubernetes.io/autoupdate":"true"},"lab...

              rbac.authorization.kubernetes.io/autoupdate=true

PolicyRule:

  Resources               Non-Resource URLs  Resource Names  Verbs

  ---------               -----------------  --------------  -----

  events                  []                 []              [get list watch]

  namespaces              []                 []              [get list watch]

  nodes                   []                 []              [get list watch]

  pods                    []                 []              [get list watch]

  deployments.extensions  []                 []              [get list watch]

修改ClusterRole: system:heapster的权限:

1. 查看system:heapster yaml格式, 保存为 heapster-clusterrole.yaml

yaml

[root@node01 heapster-yaml]# kubectl get clusterrole system:heapster -o yaml

apiVersion: rbac.authorization.k8s.io/v1

kind: ClusterRole

metadata:

  annotations:

    kubectl.kubernetes.io/last-applied-configuration: |

      {"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRole","metadata":{"annotations":{"rbac.authorization.kubernetes.io/autoupdate":"true"},"labels":{"kubernetes.io/bootstrapping":"rbac-defaults"},"name":"system:heapster","namespace":""},"rules":[{"apiGroups":[""],"resources":["events","namespaces","nodes","pods","nodes/stats"],"verbs":["create","get","list","watch"]},{"apiGroups":["extensions"],"resources":["deployments"],"verbs":["get","list","watch"]}]}

    rbac.authorization.kubernetes.io/autoupdate: "true"

  creationTimestamp: 2018-08-26T02:26:14Z

  labels:

    kubernetes.io/bootstrapping: rbac-defaults

  name: system:heapster

  resourceVersion: ""

  selfLink: /apis/rbac.authorization.k8s.io/v1/clusterroles/system%3Aheapster

  uid: 67ef3689-a8d7-11e8-a891-000c29b52823

rules:

- apiGroups:

  - ""

  resources:

  - events

  - namespaces

  - nodes

  - pods

  verbs:

  - get

  - list

  - watch

- apiGroups:

  - extensions

  resources:

  - deployments

  verbs:

  - get

  - list

  - watch

2. 添加Resource: nodes/stats的create权限,并执行 kubectl apply -f heapster-clusterrole.yaml

yaml

apiVersion: rbac.authorization.k8s.io/v1

kind: ClusterRole

metadata:

  annotations:

    rbac.authorization.kubernetes.io/autoupdate: "true"

  labels:

    kubernetes.io/bootstrapping: rbac-defaults

  name: system:heapster

rules:

- apiGroups:

  - ""

  resources:

  - events

  - namespaces

  - nodes

  - pods

  - nodes/stats

  verbs:

  - create

  - get

  - list

  - watch

- apiGroups:

  - extensions

  resources:

  - deployments

  verbs:

  - get

  - list

  - watch

3. 删除heapster重新部署

  kubectl delete -f heapster.yaml

  kubectl apply -f heapster.yaml

4. 重新部署后,查看log没有任何报错了

[root@node01 heapster-yaml]# kubectl logs --namespace=kube-system heapster-868d5cd7f-8zgxq

I0912 15:02:38.926068       1 heapster.go:78] /heapster --source=kubernetes:https://kubernetes.default?useServiceAccount=true&kubeletHttps=true&kubeletPort=10250&insecure=true

I0912 15:02:38.926128       1 heapster.go:79] Heapster version v1.5.4

I0912 15:02:38.926565       1 configs.go:61] Using Kubernetes client with master "https://kubernetes.default" and version v1

I0912 15:02:38.926647       1 configs.go:62] Using kubelet port 10250

I0912 15:02:38.938333       1 heapster.go:202] Starting with Metric Sink

I0912 15:02:38.949215       1 heapster.go:112] Starting heapster on port 8082

5. 功能测试

部署前:

[root@node01 heapster-yaml]# kubectl top pod

Error from server (NotFound): the server could not find the requested resource (get services http:heapster:)

部署后:

[root@node01 tomcat-mysql-yaml]# kubectl top pod

NAME                      CPU(cores)   MEMORY(bytes)

lxcfs-j8bpd               0m           4Mi

mysql-85c85c5668-fr6j7    0m           458Mi

tomcat-78c9778858-424gc   1m           93Mi

tomcat-78c9778858-42xz4   1m           97Mi

tomcat-78c9778858-6t7cd   1m           93Mi

相关链接:

https://github.com/kubernetes/heapster

https://github.com/kubernetes-incubator/metrics-server

https://kubernetes.io/docs/tasks/debug-application-cluster/core-metrics-pipeline/

Kubernetes Heapster的更多相关文章

  1. 详解k8s一个完整的监控方案(Heapster+Grafana+InfluxDB) - kubernetes

    1.浅析整个监控流程 heapster以k8s内置的cAdvisor作为数据源收集集群信息,并汇总出有价值的性能数据(Metrics):cpu.内存.网络流量等,然后将这些数据输出到外部存储,如Inf ...

  2. 详解k8s原生的集群监控方案(Heapster+InfluxDB+Grafana) - kubernetes

    1.浅析监控方案 heapster是一个监控计算.存储.网络等集群资源的工具,以k8s内置的cAdvisor作为数据源收集集群信息,并汇总出有价值的性能数据(Metrics):cpu.内存.netwo ...

  3. 使用 kubeadm 安装部署 kubernetes 1.9-部署heapster插件

    1.先到外网下载好镜像倒进各个节点 2.下载yaml文件和创建应用 mkdir -p ~/k8s/heapster cd ~/k8s/heapster wget https://raw.githubu ...

  4. Kubernetes 1.5集成heapster

    Heapster是kubernetes集群监控工具.在1.2的时候,kubernetes的监控需要在node节点上运行cAdvisor作为agent收集本机和容器的资源数据,包括cpu.内存.网络.文 ...

  5. Kubernetes监控:部署Heapster、InfluxDB和Grafana

    本节内容: Kubernetes 监控方案 Heapster.InfluxDB和Grafana介绍 安装配置Heapster.InfluxDB和Grafana 访问 grafana 访问 influx ...

  6. Kubernetes dashboard集成heapster

    图形化展示度量指标的实现需要集成k8s的另外一个Addons组件: Heapster . Heapster原生支持K8s(v1.0.6及以后版本)和 CoreOS ,并且支持多种存储后端,比如: In ...

  7. kubernetes 监控方案之:heapster+influxdb+grafana(十八)

    目录 一.Heapster 介绍 二.部署 三.使用 heapster 已经 deprecated 了:https://github.com/kubernetes/heapster,所以下面的演示主要 ...

  8. Openstack+Kubernetes+Docker微服务实践之路--Kubernetes

    经过几番折腾终于搞定Kubernetes了,我们要在Openstack上部署Kubernetes集群,使用最新工具Kubeadm来安装,由于不能直接访问Kubernetes的源,我们需要一台可以穿墙的 ...

  9. kubernetes组件

    kubernetes组件 @(马克飞象)[k8s] 组件 kubernetes除了必备的dns和网络组件外,官方推出大量的cluster-monitoring,dashboard,fluentd-el ...

随机推荐

  1. JS异步笔记

    Promise 最早接触异步是在.net中,当时还是比较流行使用基于控件的BackgroundWorker,其自身通过子线程的方式来异步处理一些情况,并且封装了一些功能与主线程通信.后来,开始使用Th ...

  2. C++11写算法之二分查找

    同样的,二分查找很好理解,不多做解释,要注意二分查找的list必须是排好序的. 这里实现了两种二分查找的算法,一种递归一种非递归,看看代码应该差不多是秒懂.想试验两种算法,改变一下findFunc函数 ...

  3. selenium的元素定位-iframe

    # name = top-frame # 如果iframe有name属性 或 id属性则 可以直接在frame种填写 # 如果没有name和id属性 frame() 可以接受elementOBj el ...

  4. Cocos2d-x Lua中实例:特效演示

    下面我们通过一个实例介绍几个特效的使用,这个实例如下图所示,上图是一个操作菜单场景,选择菜单可以进入到下图动作场景,在下图动作场景中点击Go按钮可以执行我们选择的特性动作,点击Back按钮可以返回到菜 ...

  5. eval()和exec()函数的区别

    (1)eval(str [,globals [,locals ])函数将字符串str当成有效Python表达式来求值,并返回计算结果.(2)exec()函数将字符串str当成有效的Python表达式来 ...

  6. Linux 常用命令缩写及对应的

    0.项目名: Linux -- LINUs' uniX (开个玩笑不是这样的,别当真) GNU -- Gnu is Not Unix1.目录名: /boot:顾名思义 /root :同上 /run:同 ...

  7. 巨蟒django之权限7:动态生成一级&&二级菜单

    内容回顾: . 权限的控制 . 表结构设计 存权限的信息 用户表 - name 用户名 - pwd 密码 - roles 多对多 角色表 - name - permissions 多对多 权限表 - ...

  8. IOS开发复习笔记(3)-ARC

    1.ARC 当你自己调用了release或retain语句的时候,ARC有效时编译文件会遇到错误,你可以通过-fno-objc-arc和-fobjc-arc两个编译器标志在混搭中支持ARC和非ARC的 ...

  9. Google 翻译如何获取 tk 参数值?

    1.首先获取 TKK 参数,这个参数可以在 https://translate.google.com 网页获取, src:TKK=eval('((function(){var a\x3d2089517 ...

  10. 前端基础 & 初识JS(JavaScript)

    JavaScript概述 JavaScript的历史 1992年Nombas开发出C-minus-minus(C--)的嵌入式脚本语言(最初绑定在CEnvi软件中),后将其改名ScriptEase(客 ...