Heapster是容器集群监控和性能分析工具,HPA、Dashborad、Kubectl top都依赖于heapster收集的数据。

但是Heapster从kubernetes 1.8以后已经被遗弃了...... 被metrics-server所替代......

kubernetes 1.11 中部署Heapster 1.5.4版本的过程

Heapster 部署yaml文件

apiVersion: v1

kind: ServiceAccount

metadata:

  name: heapster

  namespace: kube-system

---

kind: ClusterRoleBinding

apiVersion: rbac.authorization.k8s.io/v1

metadata:

  name: heapster

roleRef:

  apiGroup: rbac.authorization.k8s.io

  kind: ClusterRole

  name: system:heapster

subjects:

- kind: ServiceAccount

  name: heapster

  namespace: kube-system

---

apiVersion: apps/v1

kind: Deployment

metadata:

  name: heapster

  namespace: kube-system

spec:

  replicas: 1

  selector:

      matchLabels:

        k8s-app: heapster

  template:

    metadata:

      labels:

        task: monitoring

        k8s-app: heapster

    spec:

      serviceAccountName: heapster

      containers:

      - name: heapster

        # image: k8s.gcr.io/heapster-amd64:v1.5.4 将默认google的官方镜像替换为阿里云镜像,否则你懂得

        image: registry.cn-hangzhou.aliyuncs.com/google_containers/heapster-amd64:v1.5.4

        command:

        - /heapster

        - --source=kubernetes:https://kubernetes.default?useServiceAccount=true&kubeletHttps=true&kubeletPort=10250&insecure=true

---

apiVersion: v1

kind: Service

metadata:

  labels:

    task: monitoring

    # For use as a Cluster add-on (https://github.com/kubernetes/kubernetes/tree/master/cluster/addons)

    # If you are NOT using this as an add-on, you should comment out this line.

    kubernetes.io/cluster-service: 'true'

    kubernetes.io/name: Heapster

  name: heapster

  namespace: kube-system

spec:

  ports:

  - port: 80

    targetPort: 8082

  selector:

    k8s-app: heapster

heapster.yaml

heapster 启动参数说明:

  • inClusterConfig - Use kube config in service accounts associated with Heapster's namespace. (default: true)
  • kubeletPort - kubelet port to use (default: 10255)
  • kubeletHttps - whether to use https to connect to kubelets (default: false)
  • insecure - whether to trust Kubernetes certificates (default: false)
  • auth - client auth file to use. Set auth if the service accounts are not usable.
  • useServiceAccount - whether to use the service account token if one is mounted at /var/run/secrets/kubernetes.io/serviceaccount/token (default: false)

使用: kubectl apply -f heapster.yaml 部署

部署后查看log日志,发现一直提示“403 Forbidden”, response: "Forbidden (user=system:serviceaccount:kube-system:heapster, verb=create, resource=nodes, subresource=stats)"

[root@node01 heapster-yaml]# kubectl logs --namespace=kube-system heapster-868d5cd7f-855k7

I0912 14:36:48.175115       1 heapster.go:78] /heapster --source=kubernetes:https://kubernetes.default?useServiceAccount=true&kubeletHttps=true&kubeletPort=10250&insecure=true

I0912 14:36:48.175174       1 heapster.go:79] Heapster version v1.5.4

I0912 14:36:48.175366       1 configs.go:61] Using Kubernetes client with master "https://kubernetes.default" and version v1

I0912 14:36:48.175393       1 configs.go:62] Using kubelet port 10250

I0912 14:36:48.185828       1 heapster.go:202] Starting with Metric Sink

I0912 14:36:48.199515       1 heapster.go:112] Starting heapster on port 8082

E0912 14:37:05.000327       1 kubelet.go:288] node node01 is not ready

E0912 14:38:05.016044       1 manager.go:101] Error in scraping containers from kubelet:172.16.65.181:10250: failed to get all container stats from Kubelet URL "https://172.16.65.181:10250/stats/container/": request failed - "403 Forbidden", response: "Forbidden (user=system:serviceaccount:kube-system:heapster, verb=create, resource=nodes, subresource=stats)"

W0912 14:38:25.000643       1 manager.go:152] Failed to get all responses in time (got 0/1)

E0912 14:39:05.008534       1 manager.go:101] Error in scraping containers from kubelet:172.16.65.181:10250: failed to get all container stats from Kubelet URL "https://172.16.65.181:10250/stats/container/": request failed - "403 Forbidden", response: "Forbidden (user=system:serviceaccount:kube-system:heapster, verb=create, resource=nodes, subresource=stats)"

W0912 14:39:25.000674       1 manager.go:152] Failed to get all responses in time (got 0/1)

E0912 14:40:05.009955       1 manager.go:101] Error in scraping containers from kubelet:172.16.65.181:10250: failed to get all container stats from Kubelet URL "https://172.16.65.181:10250/stats/container/": request failed - "403 Forbidden", response: "Forbidden (user=system:serviceaccount:kube-system:heapster, verb=create, resource=nodes, subresource=stats)"

W0912 14:40:25.001231       1 manager.go:152] Failed to get all responses in time (got 0/1)

E0912 14:41:05.017198       1 manager.go:101] Error in scraping containers from kubelet:172.16.65.181:10250: failed to get all container stats from Kubelet URL "https://172.16.65.181:10250/stats/container/": request failed - "403 Forbidden", response: "Forbidden (user=system:serviceaccount:kube-system:heapster, verb=create, resource=nodes, subresource=stats)"

W0912 14:41:25.000846       1 manager.go:152] Failed to get all responses in time (got 0/1)

查看ClusterRole: system:heapster的权限,发现的确没有针对Resource: nodes/stats 的create权限

[root@node01 heapster-yaml]# kubectl describe clusterrole system:heapster

Name:         system:heapster

Labels:       kubernetes.io/bootstrapping=rbac-defaults

Annotations:  kubectl.kubernetes.io/last-applied-configuration={"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRole","metadata":{"annotations":{"rbac.authorization.kubernetes.io/autoupdate":"true"},"lab...

              rbac.authorization.kubernetes.io/autoupdate=true

PolicyRule:

  Resources               Non-Resource URLs  Resource Names  Verbs

  ---------               -----------------  --------------  -----

  events                  []                 []              [get list watch]

  namespaces              []                 []              [get list watch]

  nodes                   []                 []              [get list watch]

  pods                    []                 []              [get list watch]

  deployments.extensions  []                 []              [get list watch]

修改ClusterRole: system:heapster的权限:

1. 查看system:heapster yaml格式, 保存为 heapster-clusterrole.yaml

yaml

[root@node01 heapster-yaml]# kubectl get clusterrole system:heapster -o yaml

apiVersion: rbac.authorization.k8s.io/v1

kind: ClusterRole

metadata:

  annotations:

    kubectl.kubernetes.io/last-applied-configuration: |

      {"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRole","metadata":{"annotations":{"rbac.authorization.kubernetes.io/autoupdate":"true"},"labels":{"kubernetes.io/bootstrapping":"rbac-defaults"},"name":"system:heapster","namespace":""},"rules":[{"apiGroups":[""],"resources":["events","namespaces","nodes","pods","nodes/stats"],"verbs":["create","get","list","watch"]},{"apiGroups":["extensions"],"resources":["deployments"],"verbs":["get","list","watch"]}]}

    rbac.authorization.kubernetes.io/autoupdate: "true"

  creationTimestamp: 2018-08-26T02:26:14Z

  labels:

    kubernetes.io/bootstrapping: rbac-defaults

  name: system:heapster

  resourceVersion: ""

  selfLink: /apis/rbac.authorization.k8s.io/v1/clusterroles/system%3Aheapster

  uid: 67ef3689-a8d7-11e8-a891-000c29b52823

rules:

- apiGroups:

  - ""

  resources:

  - events

  - namespaces

  - nodes

  - pods

  verbs:

  - get

  - list

  - watch

- apiGroups:

  - extensions

  resources:

  - deployments

  verbs:

  - get

  - list

  - watch

2. 添加Resource: nodes/stats的create权限,并执行 kubectl apply -f heapster-clusterrole.yaml

yaml

apiVersion: rbac.authorization.k8s.io/v1

kind: ClusterRole

metadata:

  annotations:

    rbac.authorization.kubernetes.io/autoupdate: "true"

  labels:

    kubernetes.io/bootstrapping: rbac-defaults

  name: system:heapster

rules:

- apiGroups:

  - ""

  resources:

  - events

  - namespaces

  - nodes

  - pods

  - nodes/stats

  verbs:

  - create

  - get

  - list

  - watch

- apiGroups:

  - extensions

  resources:

  - deployments

  verbs:

  - get

  - list

  - watch

3. 删除heapster重新部署

  kubectl delete -f heapster.yaml

  kubectl apply -f heapster.yaml

4. 重新部署后,查看log没有任何报错了

[root@node01 heapster-yaml]# kubectl logs --namespace=kube-system heapster-868d5cd7f-8zgxq

I0912 15:02:38.926068       1 heapster.go:78] /heapster --source=kubernetes:https://kubernetes.default?useServiceAccount=true&kubeletHttps=true&kubeletPort=10250&insecure=true

I0912 15:02:38.926128       1 heapster.go:79] Heapster version v1.5.4

I0912 15:02:38.926565       1 configs.go:61] Using Kubernetes client with master "https://kubernetes.default" and version v1

I0912 15:02:38.926647       1 configs.go:62] Using kubelet port 10250

I0912 15:02:38.938333       1 heapster.go:202] Starting with Metric Sink

I0912 15:02:38.949215       1 heapster.go:112] Starting heapster on port 8082

5. 功能测试

部署前:

[root@node01 heapster-yaml]# kubectl top pod

Error from server (NotFound): the server could not find the requested resource (get services http:heapster:)

部署后:

[root@node01 tomcat-mysql-yaml]# kubectl top pod

NAME                      CPU(cores)   MEMORY(bytes)

lxcfs-j8bpd               0m           4Mi

mysql-85c85c5668-fr6j7    0m           458Mi

tomcat-78c9778858-424gc   1m           93Mi

tomcat-78c9778858-42xz4   1m           97Mi

tomcat-78c9778858-6t7cd   1m           93Mi

相关链接:

https://github.com/kubernetes/heapster

https://github.com/kubernetes-incubator/metrics-server

https://kubernetes.io/docs/tasks/debug-application-cluster/core-metrics-pipeline/

Kubernetes Heapster的更多相关文章

  1. 详解k8s一个完整的监控方案(Heapster+Grafana+InfluxDB) - kubernetes

    1.浅析整个监控流程 heapster以k8s内置的cAdvisor作为数据源收集集群信息,并汇总出有价值的性能数据(Metrics):cpu.内存.网络流量等,然后将这些数据输出到外部存储,如Inf ...

  2. 详解k8s原生的集群监控方案(Heapster+InfluxDB+Grafana) - kubernetes

    1.浅析监控方案 heapster是一个监控计算.存储.网络等集群资源的工具,以k8s内置的cAdvisor作为数据源收集集群信息,并汇总出有价值的性能数据(Metrics):cpu.内存.netwo ...

  3. 使用 kubeadm 安装部署 kubernetes 1.9-部署heapster插件

    1.先到外网下载好镜像倒进各个节点 2.下载yaml文件和创建应用 mkdir -p ~/k8s/heapster cd ~/k8s/heapster wget https://raw.githubu ...

  4. Kubernetes 1.5集成heapster

    Heapster是kubernetes集群监控工具.在1.2的时候,kubernetes的监控需要在node节点上运行cAdvisor作为agent收集本机和容器的资源数据,包括cpu.内存.网络.文 ...

  5. Kubernetes监控:部署Heapster、InfluxDB和Grafana

    本节内容: Kubernetes 监控方案 Heapster.InfluxDB和Grafana介绍 安装配置Heapster.InfluxDB和Grafana 访问 grafana 访问 influx ...

  6. Kubernetes dashboard集成heapster

    图形化展示度量指标的实现需要集成k8s的另外一个Addons组件: Heapster . Heapster原生支持K8s(v1.0.6及以后版本)和 CoreOS ,并且支持多种存储后端,比如: In ...

  7. kubernetes 监控方案之:heapster+influxdb+grafana(十八)

    目录 一.Heapster 介绍 二.部署 三.使用 heapster 已经 deprecated 了:https://github.com/kubernetes/heapster,所以下面的演示主要 ...

  8. Openstack+Kubernetes+Docker微服务实践之路--Kubernetes

    经过几番折腾终于搞定Kubernetes了,我们要在Openstack上部署Kubernetes集群,使用最新工具Kubeadm来安装,由于不能直接访问Kubernetes的源,我们需要一台可以穿墙的 ...

  9. kubernetes组件

    kubernetes组件 @(马克飞象)[k8s] 组件 kubernetes除了必备的dns和网络组件外,官方推出大量的cluster-monitoring,dashboard,fluentd-el ...

随机推荐

  1. 消息队列(message queue)

    最近纠结于一个问题,就是horizon 在处理前台数据的时候非得等到cinder client将数据全部获取后才开始执行horizon的下一行代码,这给大量数据显示造成了很大的时延,其实对于用户体验来 ...

  2. Unity3D学习笔记——NGUI之UISlider

    UISlider:用于创建简单的滑动块和进度条,并且可以添加一个拇指按钮. 效果图如下: 一:使用步骤 1.从上面的效果看出,这个工具由四部分组成:背景图,进度图,进度lable显示,拇指按钮. 2. ...

  3. ubuntu12.04部署ROR

    刚开始部署这玩意是很折磨的,折腾吧. 确保使用最新版本的linux,否则成功率会大大降低,因为ruby开源社区对于ubuntu的支持总是不兼容旧版本的.笔者部署时的版本是ubuntu12.04 每次都 ...

  4. 在DLL中动态加载其所依赖的dll

    windows下LoadLibrary函数的搜索顺序是先搜索system32等系统环境变量path下注册过的路径,然后是当前路径. 这里的相对路径是指的主exe所在路径,并且相对路径在程序运行过程中可 ...

  5. Python简单的线程池

    class ThreadPool(object): def __init__(self, max_num=20): # 创建一个队列,队列里最多只能有10个数据 self.queue = queue. ...

  6. 41个Web开发者必须收藏的JavaScript实用技巧

    1. 将彻底屏蔽鼠标右键 oncontextmenu=”window.event.returnValue=false” < table border oncontextmenu=return(f ...

  7. httpclient 怎么带上登录成功后返回的cookie值访问下一页面

    我是只很菜很菜的小鸟.刚上班,有这个一个需求.要我抓取别的网站的数据.     我根据用户密码登录一个网站成功后,生成一个cookie值.我已经获取到了.然后要带上这个cookie值进行下一页面的访问 ...

  8. iphone开发常用代码笔记

    1.显示图像: 1 2 3 4 5 6 CGRect myImageRect = CGRectMake(0.0f, 0.0f, 320.0f, 109.0f); UIImageView *myImag ...

  9. TP ajax

    ①Ajax使用:   注意传值的所有过程用的是小写,及时数据库列的名称中有大写字母 控制器部分: AjaxController.class.php <?php namespace Home\Co ...

  10. 《从零开始学Swift》学习笔记(Day 20)——函数中参数的传递引用

    原创文章,欢迎转载.转载请注明:关东升的博客 参数的传递引用 类是引用类型,其他的数据类型如整型.浮点型.布尔型.字符.字符串.元组.集合.枚举和结构体全部是值类型. 有的时候就是要将一个值类型参数以 ...