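Installing and deploying the metrics-server add-on on Kubernetes 1.14
Brief introduction:
To use Kubernetes autoscaling, you first need an add-on that collects metrics (CPU, memory, ...). The collected values are compared against the values configured for autoscaling, and the number of pods is adjusted automatically. Earlier Kubernetes versions used heapster for this; after the official release of 1.13, heapster was dropped and metrics-server is the officially recommended replacement.
Test environment:
The same cluster environment as deployed previously: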
| System | Hostname | IP |
| CentOS 7.6 | k8s-master | 138.138.82.14 |
| CentOS 7.6 | k8s-node1 | 138.138.82.15 |
| CentOS 7.6 | k8s-node2 | 138.138.82.16 |
Steps:
1. Download the YAML files
https://github.com/kubernetes-incubator/metrics-server
[root@k8s-master ~]# git clone https://github.com/kubernetes-incubator/metrics-server.git
[root@k8s-master ~]# cd metrics-server/deploy/1.8+/
[root@k8s-master 1.8+]# ll
总用量
-rw-r--r-- root root 4月 : aggregated-metrics-reader.yaml
-rw-r--r-- root root 4月 : auth-delegator.yaml
-rw-r--r-- root root 4月 : auth-reader.yaml
-rw-r--r-- root root 4月 : metrics-apiservice.yaml
-rw-r--r-- root root 4月 : metrics-server-deployment.yaml
-rw-r--r-- root root 4月 : metrics-server-service.yaml
-rw-r--r-- root root 4月 : resource-reader.yaml
2. Modify the metrics-server-deployment.yaml file (modified parts highlighted in red)
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: metrics-server
  namespace: kube-system
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: metrics-server
  namespace: kube-system
  labels:
    k8s-app: metrics-server
spec:
  selector:
    matchLabels:
      k8s-app: metrics-server
  template:
    metadata:
      name: metrics-server
      labels:
        k8s-app: metrics-server
    spec:
      serviceAccountName: metrics-server
      volumes:
      # mount in tmp so we can safely use from-scratch images and/or read-only containers
      - name: tmp-dir
        emptyDir: {}
      containers:
      - name: metrics-server
        image: mirrorgooglecontainers/metrics-server-amd64:v0.3.2  # ① changed: replaces the blocked image below
        # image: k8s.gcr.io/metrics-server-amd64:v0.3.2
        imagePullPolicy: IfNotPresent  # ② changed: image pull policy
        command:  # ③ added: command and arguments
        - /metrics-server
        - --kubelet-preferred-address-types=InternalIP
        - --kubelet-insecure-tls
        volumeMounts:
        - name: tmp-dir
          mountPath: /tmp
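Note: three things were changed above: ① the image, because the original one is blocked by the firewall; ② the image pull policy; ③ the command and its arguments were added.
If the arguments in the command section are not changed, the following error is reported: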
E0428 ::05.894325 manager.go:] unable to fully collect metrics: [unable to fully scrape metrics from source kubelet_summary:k8s-node2: unable to fetch metrics from Kubelet k8s-node2 (138.138.82.16): Get https://138.138.82.16:10250/stats/summary/: x509: cannot validate certificate for 138.138.82.16 because it doesn't contain any IP SANs, unable to fully scrape metrics from source kubelet_summary:k8s-node1: unable to fetch metrics from Kubelet k8s-node1 (138.138.82.15): Get https://138.138.82.15:10250/stats/summary/: x509: cannot validate certificate for 138.138.82.15 because it doesn't contain any IP SANs, unable to fully scrape metrics from source kubelet_summary:k8s-master: unable to fetch metrics from Kubelet k8s-master (138.138.82.14): Get https://138.138.82.14:10250/stats/summary/: x509: cannot validate certificate for 138.138.82.14 because it doesn't contain any IP SANs]
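Why the error above occurs, as an added Go example (not part of the original post or of metrics-server's code): Go's x509 name check only accepts a dialed IP address if the certificate lists that IP as a SAN. The helpers `servingCert` and `checkAddr` are hypothetical, and the certificates are constructed, self-signed stand-ins for a kubelet serving certificate.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// servingCert (hypothetical helper) builds a constructed, self-signed stand-in for a
// kubelet serving certificate: node name as CN and DNS SAN, plus any IP SANs passed in.
func servingCert(node string, ips ...net.IP) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: node},
		DNSNames:     []string{node},
		IPAddresses:  ips, // empty reproduces the certificate from the error above
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// checkAddr runs the name check a TLS client applies to the address it dialed.
func checkAddr(cert *x509.Certificate, addr string) error {
	return cert.VerifyHostname(addr)
}

func main() {
	noIP, _ := servingCert("k8s-node2")
	withIP, _ := servingCert("k8s-node2", net.ParseIP("138.138.82.16"))
	fmt.Println("dial IP, no IP SAN:  ", checkAddr(noIP, "138.138.82.16"))
	fmt.Println("dial name, no IP SAN:", checkAddr(noIP, "k8s-node2"))
	fmt.Println("dial IP, with IP SAN:", checkAddr(withIP, "138.138.82.16"))
}
```

`--kubelet-insecure-tls` makes the error disappear by skipping verification of the kubelet's serving certificate, which its own help text below marks as for testing purposes only; the verified path is kubelet serving certificates that carry the node IP as a SAN, validated with `--kubelet-certificate-authority`.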
For reference, the metrics-server command-line flags in detail:
Usage:
[flags]
Flags:
--alsologtostderr log to standard error as well as files
--authentication-kubeconfig string kubeconfig file pointing at the 'core' kubernetes server with enough rights to create tokenaccessreviews.authentication.k8s.io.
--authentication-skip-lookup If false, the authentication-kubeconfig will be used to lookup missing authentication configuration from the cluster.
--authentication-token-webhook-cache-ttl duration The duration to cache responses from the webhook token authenticator. (default 10s)
--authorization-kubeconfig string kubeconfig file pointing at the 'core' kubernetes server with enough rights to create subjectaccessreviews.authorization.k8s.io.
--authorization-webhook-cache-authorized-ttl duration The duration to cache 'authorized' responses from the webhook authorizer. (default 10s)
--authorization-webhook-cache-unauthorized-ttl duration The duration to cache 'unauthorized' responses from the webhook authorizer. (default 10s)
--bind-address ip The IP address on which to listen for the --secure-port port. The associated interface(s) must be reachable by the rest of the cluster, and by CLI/web clients. If blank, all interfaces will be used (0.0.0.0 for all IPv4 interfaces and :: for all IPv6 interfaces). (default 0.0.0.0)
--cert-dir string The directory where the TLS certs are located. If --tls-cert-file and --tls-private-key-file are provided, this flag will be ignored. (default "apiserver.local.config/certificates")
--client-ca-file string If set, any request presenting a client certificate signed by one of the authorities in the client-ca-file is authenticated with an identity corresponding to the CommonName of the client certificate.
--contention-profiling Enable lock contention profiling, if profiling is enabled
--enable-swagger-ui Enables swagger ui on the apiserver at /swagger-ui
-h, --help help for this command
--http2-max-streams-per-connection int The limit that the server gives to clients for the maximum number of streams in an HTTP/ connection. Zero means to use golang's default.
--kubeconfig string The path to the kubeconfig used to connect to the Kubernetes API server and the Kubelets (defaults to in-cluster config)
--kubelet-certificate-authority string Path to the CA to use to validate the Kubelet's serving certificates.
--kubelet-insecure-tls Do not verify CA of serving certificates presented by Kubelets. For testing purposes only.
--kubelet-port int The port to use to connect to Kubelets. (default )
--kubelet-preferred-address-types strings The priority of node address types to use when determining which address to use to connect to a particular node (default [Hostname,InternalDNS,InternalIP,ExternalDNS,ExternalIP])
--log-flush-frequency duration Maximum number of seconds between log flushes (default 5s)
--log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :)
--log_dir string If non-empty, write log files in this directory
--logtostderr log to standard error instead of files (default true)
--metric-resolution duration The resolution at which metrics-server will retain metrics. (default 1m0s)
--profiling Enable profiling via web interface host:port/debug/pprof/ (default true)
--requestheader-allowed-names strings List of client certificate common names to allow to provide usernames in headers specified by --requestheader-username-headers. If empty, any client certificate validated by the authorities in --requestheader-client-ca-file is allowed.
--requestheader-client-ca-file string Root certificate bundle to use to verify client certificates on incoming requests before trusting usernames in headers specified by --requestheader-username-headers. WARNING: generally do not depend on authorization being already done for incoming requests.
--requestheader-extra-headers-prefix strings List of request header prefixes to inspect. X-Remote-Extra- is suggested. (default [x-remote-extra-])
--requestheader-group-headers strings List of request headers to inspect for groups. X-Remote-Group is suggested. (default [x-remote-group])
--requestheader-username-headers strings List of request headers to inspect for usernames. X-Remote-User is common. (default [x-remote-user])
--secure-port int The port on which to serve HTTPS with authentication and authorization. If , don't serve HTTPS at all. (default 443)
--stderrthreshold severity logs at or above this threshold go to stderr (default )
--tls-cert-file string File containing the default x509 Certificate for HTTPS. (CA cert, if any, concatenated after server cert). If HTTPS serving is enabled, and --tls-cert-file and --tls-private-key-file are not provided, a self-signed certificate and key are generated for the public address and saved to the directory specified by --cert-dir.
--tls-cipher-suites strings Comma-separated list of cipher suites for the server. If omitted, the default Go cipher suites will be use. Possible values: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_RC4_128_SHA
--tls-min-version string Minimum TLS version supported. Possible values: VersionTLS10, VersionTLS11, VersionTLS12
--tls-private-key-file string File containing the default x509 private key matching --tls-cert-file.
--tls-sni-cert-key namedCertKey A pair of x509 certificate and private key file paths, optionally suffixed with a list of domain patterns which are fully qualified domain names, possibly with prefixed wildcard segments. If no domain patterns are provided, the names of the certificate are extracted. Non-wildcard matches trump over wildcard matches, explicit domain patterns trump over extracted names. For multiple key/certificate pairs, use the --tls-sni-cert-key multiple times. Examples: "example.crt,example.key" or "foo.crt,foo.key:*.foo.com,foo.com". (default [])
-v, --v Level log level for V logs
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
3. Apply all the configuration files to the cluster
[root@k8s-master 1.8+]# kubectl apply -f .
clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader created
clusterrolebinding.rbac.authorization.k8s.io/metrics-server:system:auth-delegator created
rolebinding.rbac.authorization.k8s.io/metrics-server-auth-reader created
apiservice.apiregistration.k8s.io/v1beta1.metrics.k8s.io created
serviceaccount/metrics-server created
deployment.extensions/metrics-server created
service/metrics-server created
clusterrole.rbac.authorization.k8s.io/system:metrics-server created
clusterrolebinding.rbac.authorization.k8s.io/system:metrics-server created
After a minute or two (pulling the image and collecting data both take time), check the status of metrics-server
[root@k8s-master 1.8+]# kubectl get po -n kube-system
NAME READY STATUS RESTARTS AGE
calico-node-b78m4 / Running 176m
calico-node-r5mlj / Running 3h6m
calico-node-z5tdh / Running 176m
coredns-fb8b8dccf-6mgks / Running 3h21m
coredns-fb8b8dccf-cbtlx / Running 3h21m
etcd-k8s-master / Running 3h20m
kube-apiserver-k8s-master / Running 3h20m
kube-controller-manager-k8s-master / Running 3h20m
kube-proxy-c9xd2 / Running 3h21m
kube-proxy-fp2r2 / Running 176m
kube-proxy-lrsw7 / Running 176m
kube-scheduler-k8s-master / Running 3h20m
metrics-server-7579f696d8-pgcc4 1/1 Running 0 99s
[root@k8s-master 1.8+]# kubectl top node
NAME CPU(cores) CPU% MEMORY(bytes) MEMORY%
k8s-master 179m 8% 1660Mi 43%
k8s-node1 81m 4% 908Mi 23%
k8s-node2 78m 3% 1036Mi 26%
As you can see, metrics-server is running normally and can retrieve the node information.
Done.