Heapster是容器集群监控和性能分析工具,HPA、Dashborad、Kubectl top都依赖于heapster收集的数据。

但是Heapster从kubernetes 1.8以后已经被遗弃了...... 被metrics-server所替代......

kubernetes 1.11 中部署Heapster 1.5.4版本的过程

Heapster 部署yaml文件

apiVersion: v1

kind: ServiceAccount

metadata:

  name: heapster

  namespace: kube-system

---

kind: ClusterRoleBinding

apiVersion: rbac.authorization.k8s.io/v1

metadata:

  name: heapster

roleRef:

  apiGroup: rbac.authorization.k8s.io

  kind: ClusterRole

  name: system:heapster

subjects:

- kind: ServiceAccount

  name: heapster

  namespace: kube-system

---

apiVersion: apps/v1

kind: Deployment

metadata:

  name: heapster

  namespace: kube-system

spec:

  replicas: 1

  selector:

      matchLabels:

        k8s-app: heapster

  template:

    metadata:

      labels:

        task: monitoring

        k8s-app: heapster

    spec:

      serviceAccountName: heapster

      containers:

      - name: heapster

        # image: k8s.gcr.io/heapster-amd64:v1.5.4 将默认google的官方镜像替换为阿里云镜像,否则你懂得

        image: registry.cn-hangzhou.aliyuncs.com/google_containers/heapster-amd64:v1.5.4

        command:

        - /heapster

        - --source=kubernetes:https://kubernetes.default?useServiceAccount=true&kubeletHttps=true&kubeletPort=10250&insecure=true

---

apiVersion: v1

kind: Service

metadata:

  labels:

    task: monitoring

    # For use as a Cluster add-on (https://github.com/kubernetes/kubernetes/tree/master/cluster/addons)

    # If you are NOT using this as an add-on, you should comment out this line.

    kubernetes.io/cluster-service: 'true'

    kubernetes.io/name: Heapster

  name: heapster

  namespace: kube-system

spec:

  ports:

  - port: 80

    targetPort: 8082

  selector:

    k8s-app: heapster

heapster.yaml

heapster 启动参数说明:

  • inClusterConfig - Use kube config in service accounts associated with Heapster's namespace. (default: true)
  • kubeletPort - kubelet port to use (default: 10255)
  • kubeletHttps - whether to use https to connect to kubelets (default: false)
  • insecure - whether to trust Kubernetes certificates (default: false)
  • auth - client auth file to use. Set auth if the service accounts are not usable.
  • useServiceAccount - whether to use the service account token if one is mounted at /var/run/secrets/kubernetes.io/serviceaccount/token (default: false)

使用: kubectl apply -f heapster.yaml 部署

部署后查看log日志,发现一直提示“403 Forbidden”, response: "Forbidden (user=system:serviceaccount:kube-system:heapster, verb=create, resource=nodes, subresource=stats)"

[root@node01 heapster-yaml]# kubectl logs --namespace=kube-system heapster-868d5cd7f-855k7

I0912 14:36:48.175115       1 heapster.go:78] /heapster --source=kubernetes:https://kubernetes.default?useServiceAccount=true&kubeletHttps=true&kubeletPort=10250&insecure=true

I0912 14:36:48.175174       1 heapster.go:79] Heapster version v1.5.4

I0912 14:36:48.175366       1 configs.go:61] Using Kubernetes client with master "https://kubernetes.default" and version v1

I0912 14:36:48.175393       1 configs.go:62] Using kubelet port 10250

I0912 14:36:48.185828       1 heapster.go:202] Starting with Metric Sink

I0912 14:36:48.199515       1 heapster.go:112] Starting heapster on port 8082

E0912 14:37:05.000327       1 kubelet.go:288] node node01 is not ready

E0912 14:38:05.016044       1 manager.go:101] Error in scraping containers from kubelet:172.16.65.181:10250: failed to get all container stats from Kubelet URL "https://172.16.65.181:10250/stats/container/": request failed - "403 Forbidden", response: "Forbidden (user=system:serviceaccount:kube-system:heapster, verb=create, resource=nodes, subresource=stats)"

W0912 14:38:25.000643       1 manager.go:152] Failed to get all responses in time (got 0/1)

E0912 14:39:05.008534       1 manager.go:101] Error in scraping containers from kubelet:172.16.65.181:10250: failed to get all container stats from Kubelet URL "https://172.16.65.181:10250/stats/container/": request failed - "403 Forbidden", response: "Forbidden (user=system:serviceaccount:kube-system:heapster, verb=create, resource=nodes, subresource=stats)"

W0912 14:39:25.000674       1 manager.go:152] Failed to get all responses in time (got 0/1)

E0912 14:40:05.009955       1 manager.go:101] Error in scraping containers from kubelet:172.16.65.181:10250: failed to get all container stats from Kubelet URL "https://172.16.65.181:10250/stats/container/": request failed - "403 Forbidden", response: "Forbidden (user=system:serviceaccount:kube-system:heapster, verb=create, resource=nodes, subresource=stats)"

W0912 14:40:25.001231       1 manager.go:152] Failed to get all responses in time (got 0/1)

E0912 14:41:05.017198       1 manager.go:101] Error in scraping containers from kubelet:172.16.65.181:10250: failed to get all container stats from Kubelet URL "https://172.16.65.181:10250/stats/container/": request failed - "403 Forbidden", response: "Forbidden (user=system:serviceaccount:kube-system:heapster, verb=create, resource=nodes, subresource=stats)"

W0912 14:41:25.000846       1 manager.go:152] Failed to get all responses in time (got 0/1)

查看ClusterRole: system:heapster的权限,发现的确没有针对Resource: nodes/stats 的create权限

[root@node01 heapster-yaml]# kubectl describe clusterrole system:heapster

Name:         system:heapster

Labels:       kubernetes.io/bootstrapping=rbac-defaults

Annotations:  kubectl.kubernetes.io/last-applied-configuration={"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRole","metadata":{"annotations":{"rbac.authorization.kubernetes.io/autoupdate":"true"},"lab...

              rbac.authorization.kubernetes.io/autoupdate=true

PolicyRule:

  Resources               Non-Resource URLs  Resource Names  Verbs

  ---------               -----------------  --------------  -----

  events                  []                 []              [get list watch]

  namespaces              []                 []              [get list watch]

  nodes                   []                 []              [get list watch]

  pods                    []                 []              [get list watch]

  deployments.extensions  []                 []              [get list watch]

修改ClusterRole: system:heapster的权限:

1. 查看system:heapster yaml格式, 保存为 heapster-clusterrole.yaml

yaml

[root@node01 heapster-yaml]# kubectl get clusterrole system:heapster -o yaml

apiVersion: rbac.authorization.k8s.io/v1

kind: ClusterRole

metadata:

  annotations:

    kubectl.kubernetes.io/last-applied-configuration: |

      {"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRole","metadata":{"annotations":{"rbac.authorization.kubernetes.io/autoupdate":"true"},"labels":{"kubernetes.io/bootstrapping":"rbac-defaults"},"name":"system:heapster","namespace":""},"rules":[{"apiGroups":[""],"resources":["events","namespaces","nodes","pods","nodes/stats"],"verbs":["create","get","list","watch"]},{"apiGroups":["extensions"],"resources":["deployments"],"verbs":["get","list","watch"]}]}

    rbac.authorization.kubernetes.io/autoupdate: "true"

  creationTimestamp: 2018-08-26T02:26:14Z

  labels:

    kubernetes.io/bootstrapping: rbac-defaults

  name: system:heapster

  resourceVersion: ""

  selfLink: /apis/rbac.authorization.k8s.io/v1/clusterroles/system%3Aheapster

  uid: 67ef3689-a8d7-11e8-a891-000c29b52823

rules:

- apiGroups:

  - ""

  resources:

  - events

  - namespaces

  - nodes

  - pods

  verbs:

  - get

  - list

  - watch

- apiGroups:

  - extensions

  resources:

  - deployments

  verbs:

  - get

  - list

  - watch

2. 添加Resource: nodes/stats的create权限,并执行 kubectl apply -f heapster-clusterrole.yaml

yaml

apiVersion: rbac.authorization.k8s.io/v1

kind: ClusterRole

metadata:

  annotations:

    rbac.authorization.kubernetes.io/autoupdate: "true"

  labels:

    kubernetes.io/bootstrapping: rbac-defaults

  name: system:heapster

rules:

- apiGroups:

  - ""

  resources:

  - events

  - namespaces

  - nodes

  - pods

  - nodes/stats

  verbs:

  - create

  - get

  - list

  - watch

- apiGroups:

  - extensions

  resources:

  - deployments

  verbs:

  - get

  - list

  - watch

3. 删除heapster重新部署

  kubectl delete -f heapster.yaml

  kubectl apply -f heapster.yaml

4. 重新部署后,查看log没有任何报错了

[root@node01 heapster-yaml]# kubectl logs --namespace=kube-system heapster-868d5cd7f-8zgxq

I0912 15:02:38.926068       1 heapster.go:78] /heapster --source=kubernetes:https://kubernetes.default?useServiceAccount=true&kubeletHttps=true&kubeletPort=10250&insecure=true

I0912 15:02:38.926128       1 heapster.go:79] Heapster version v1.5.4

I0912 15:02:38.926565       1 configs.go:61] Using Kubernetes client with master "https://kubernetes.default" and version v1

I0912 15:02:38.926647       1 configs.go:62] Using kubelet port 10250

I0912 15:02:38.938333       1 heapster.go:202] Starting with Metric Sink

I0912 15:02:38.949215       1 heapster.go:112] Starting heapster on port 8082

5. 功能测试

部署前:

[root@node01 heapster-yaml]# kubectl top pod

Error from server (NotFound): the server could not find the requested resource (get services http:heapster:)

部署后:

[root@node01 tomcat-mysql-yaml]# kubectl top pod

NAME                      CPU(cores)   MEMORY(bytes)

lxcfs-j8bpd               0m           4Mi

mysql-85c85c5668-fr6j7    0m           458Mi

tomcat-78c9778858-424gc   1m           93Mi

tomcat-78c9778858-42xz4   1m           97Mi

tomcat-78c9778858-6t7cd   1m           93Mi

相关链接:

https://github.com/kubernetes/heapster

https://github.com/kubernetes-incubator/metrics-server

https://kubernetes.io/docs/tasks/debug-application-cluster/core-metrics-pipeline/

Kubernetes Heapster的更多相关文章

  1. 详解k8s一个完整的监控方案(Heapster+Grafana+InfluxDB) - kubernetes

    1.浅析整个监控流程 heapster以k8s内置的cAdvisor作为数据源收集集群信息,并汇总出有价值的性能数据(Metrics):cpu.内存.网络流量等,然后将这些数据输出到外部存储,如Inf ...

  2. 详解k8s原生的集群监控方案(Heapster+InfluxDB+Grafana) - kubernetes

    1.浅析监控方案 heapster是一个监控计算.存储.网络等集群资源的工具,以k8s内置的cAdvisor作为数据源收集集群信息,并汇总出有价值的性能数据(Metrics):cpu.内存.netwo ...

  3. 使用 kubeadm 安装部署 kubernetes 1.9-部署heapster插件

    1.先到外网下载好镜像倒进各个节点 2.下载yaml文件和创建应用 mkdir -p ~/k8s/heapster cd ~/k8s/heapster wget https://raw.githubu ...

  4. Kubernetes 1.5集成heapster

    Heapster是kubernetes集群监控工具.在1.2的时候,kubernetes的监控需要在node节点上运行cAdvisor作为agent收集本机和容器的资源数据,包括cpu.内存.网络.文 ...

  5. Kubernetes监控:部署Heapster、InfluxDB和Grafana

    本节内容: Kubernetes 监控方案 Heapster.InfluxDB和Grafana介绍 安装配置Heapster.InfluxDB和Grafana 访问 grafana 访问 influx ...

  6. Kubernetes dashboard集成heapster

    图形化展示度量指标的实现需要集成k8s的另外一个Addons组件: Heapster . Heapster原生支持K8s(v1.0.6及以后版本)和 CoreOS ,并且支持多种存储后端,比如: In ...

  7. kubernetes 监控方案之:heapster+influxdb+grafana(十八)

    目录 一.Heapster 介绍 二.部署 三.使用 heapster 已经 deprecated 了:https://github.com/kubernetes/heapster,所以下面的演示主要 ...

  8. Openstack+Kubernetes+Docker微服务实践之路--Kubernetes

    经过几番折腾终于搞定Kubernetes了,我们要在Openstack上部署Kubernetes集群,使用最新工具Kubeadm来安装,由于不能直接访问Kubernetes的源,我们需要一台可以穿墙的 ...

  9. kubernetes组件

    kubernetes组件 @(马克飞象)[k8s] 组件 kubernetes除了必备的dns和网络组件外,官方推出大量的cluster-monitoring,dashboard,fluentd-el ...

随机推荐

  1. C# 关于在原图中寻找子图片坐标的类

    在网上找了好久,没有一个现成的例子,自己也发帖子可惜没有找到好办法. 只好自己动手写了, 以下为个人想法所写,算法可能不会太好,如果各位有好的例子发来大家一起分享一下. 这个类主要实现了图片坐标查找功 ...

  2. 阿里云里Centos 7 PHP7环境配置 LNMP

    首先更新系统软件</str> $ yum update 安装nginx</str></str> 1.安装nginx源 $ yum localinstall http ...

  3. 【BZOJ4247】挂饰 背包

    [BZOJ4247]挂饰 Description JOI君有N个装在手机上的挂饰,编号为1...N. JOI君可以将其中的一些装在手机上. JOI君的挂饰有一些与众不同——其中的一些挂饰附有可以挂其他 ...

  4. 《从零开始学Swift》学习笔记(Day 38)——构造函数与存储属性初始化

    原创文章,欢迎转载.转载请注明:关东升的博客 构造函数的主要作用是初始化实例,其中包括:初始化存储属性和其它的初始化.在Rectangle类或结构体中,如果在构造函数中初始化存储属性width和hei ...

  5. NPOI操作Excel常用函数

    最近因项目接触了NPOI,感觉还是蛮不错的,网络上的教程普遍版本较老,本篇记录所常用操作,采用NPOI 2.0版本. 推荐: NPOI官方网站 NPOI 1.2.4/1.2.5 官方教程 新建Exce ...

  6. 将CodedUI Test 放到控制台程序中,模拟鼠标键盘操作

    CodedUI Test是微软的自动化测试工具,在VS中非常好用.可以用来模拟鼠标点击,键盘输入.但执行的时候必须要用mstest调用,无法传入参数(当然可以写入config文件中,但每次修改十分麻烦 ...

  7. Docker Metasploit Framework

    https://hub.docker.com/r/usertaken/metasploit-framework/ docker pull usertaken/metasploit-framework ...

  8. ajax异步请求分页显示

    html代码: <!DOCTYPE html> <html lang="en"> <head>     <meta charset=&qu ...

  9. python并发编程&多线程(一)

    本篇理论居多,实际操作见:  python并发编程&多线程(二) 一 什么是线程 在传统操作系统中,每个进程有一个地址空间,而且默认就有一个控制线程 线程顾名思义,就是一条流水线工作的过程,一 ...

  10. 内置函数: filter 和 map

    内置函数———filter和map filter filter() 函数用于过滤序列,过滤掉不符合条件的元素,返回由符合条件元素组成的新列表.接收两个参数,第一个为函数,第二个为序列,序列的每个元素作 ...