简单介绍

如果使用kubernetes的自动扩容功能的话,那首先得有一个插件,然后该插件将收集到的信息(cpu、memory..)与自动扩容的设置的值进行比对,自动调整pod数量。关于该插件,在kubernetes的早些版本中采用的是heapster,1.13版本正式发布后,丢弃了heapster,官方推荐采用metrics-sever。

测试环境

之前部署的集群环境,如下:

System Hostname IP
CentOS 7.6 k8s-master 138.138.82.14
CentOS 7.6 k8s-node1 138.138.82.15
CentOS 7.6 k8s-node2 138.138.82.16

操作步骤

1. 下载相关yaml文件

https://github.com/kubernetes-incubator/metrics-server

~]# git clone https://github.com/kubernetes-incubator/metrics-server.git
[root@k8s-master ~]# cd metrics-server/deploy/1.8+/

[root@k8s-master 1.8+]# ll

总用量

-rw-r--r--  root root  4月   : aggregated-metrics-reader.yaml

-rw-r--r--  root root  4月   : auth-delegator.yaml

-rw-r--r--  root root  4月   : auth-reader.yaml

-rw-r--r--  root root  4月   : metrics-apiservice.yaml

-rw-r--r--  root root  4月   : metrics-server-deployment.yaml

-rw-r--r--  root root  4月   : metrics-server-service.yaml

-rw-r--r--  root root  4月   : resource-reader.yaml

2. 修改其中的metrics-server-deployment.yaml文件(用红色标亮处)

---

apiVersion: v1

kind: ServiceAccount

metadata:

  name: metrics-server

  namespace: kube-system

---

apiVersion: extensions/v1beta1

kind: Deployment

metadata:

  name: metrics-server

  namespace: kube-system

  labels:

    k8s-app: metrics-server

spec:

  selector:

    matchLabels:

      k8s-app: metrics-server

  template:

    metadata:

      name: metrics-server

      labels:

        k8s-app: metrics-server

    spec:

      serviceAccountName: metrics-server

      volumes:

      # mount in tmp so we can safely use from-scratch images and/or read-only containers

      - name: tmp-dir

        emptyDir: {}

      containers:

      - name: metrics-server

        image: mirrorgooglecontainers/metrics-server-amd64:v0.3.2

      # image: k8s.gcr.io/metrics-server-amd64:v0.3.2

        imagePullPolicy: IfNotPresent

        command:

            - /metrics-server

            - --kubelet-preferred-address-types=InternalIP

            - --kubelet-insecure-tls

        volumeMounts:

        - name: tmp-dir

          mountPath: /tmp

注意:以上修改了3个地方:①是被墙的镜像;②镜像拉取策略;③添加命令和相关参数;

如果不修改command区域的参数则会报如下错误:

E0428 ::05.894325        manager.go:] unable to fully collect metrics: [unable to fully scrape metrics from source kubelet_summary:k8s-node2: unable to fetch metrics from Kubelet k8s-node2 (138.138.82.16): Get https://138.138.82.16:10250/stats/summary/: x509: cannot validate certificate for 138.138.82.16 because it doesn't contain any IP SANs, unable to fully scrape metrics from source kubelet_summary:k8s-node1: unable to fetch metrics from Kubelet k8s-node1 (138.138.82.15): Get https://138.138.82.15:10250/stats/summary/: x509: cannot validate certificate for 138.138.82.15 because it doesn't contain any IP SANs, unable to fully scrape metrics from source kubelet_summary:k8s-master: unable to fetch metrics from Kubelet k8s-master (138.138.82.14): Get https://138.138.82.14:10250/stats/summary/: x509: cannot validate certificate for 138.138.82.14 because it doesn't contain any IP SANs]

附上metrcs-server命令参数详解:

Usage:

   [flags]

Flags:

      --alsologtostderr                                         log to standard error as well as files

      --authentication-kubeconfig string                        kubeconfig file pointing at the 'core' kubernetes server with enough rights to create tokenaccessreviews.authentication.k8s.io.

      --authentication-skip-lookup                              If false, the authentication-kubeconfig will be used to lookup missing authentication configuration from the cluster.

      --authentication-token-webhook-cache-ttl duration         The duration to cache responses from the webhook token authenticator. (default 10s)

      --authorization-kubeconfig string                         kubeconfig file pointing at the 'core' kubernetes server with enough rights to create  subjectaccessreviews.authorization.k8s.io.

      --authorization-webhook-cache-authorized-ttl duration     The duration to cache 'authorized' responses from the webhook authorizer. (default 10s)

      --authorization-webhook-cache-unauthorized-ttl duration   The duration to cache 'unauthorized' responses from the webhook authorizer. (default 10s)

      --bind-address ip                                         The IP address on which to listen for the --secure-port port. The associated interface(s) must be reachable by the rest of the cluster, and by CLI/web clients. If blank, all interfaces will be used (0.0.0.0 for all IPv4 interfaces and :: for all IPv6 interfaces). (default 0.0.0.0)

      --cert-dir string                                         The directory where the TLS certs are located. If --tls-cert-file and --tls-private-key-file are provided, this flag will be ignored. (default "apiserver.local.config/certificates")

      --client-ca-file string                                   If set, any request presenting a client certificate signed by one of the authorities in the client-ca-file is authenticated with an identity corresponding to the CommonName of the client certificate.

      --contention-profiling                                    Enable lock contention profiling, if profiling is enabled

      --enable-swagger-ui                                       Enables swagger ui on the apiserver at /swagger-ui

  -h, --help                                                    help for this command

      --http2-max-streams-per-connection int                    The limit that the server gives to clients for the maximum number of streams in an HTTP/ connection. Zero means to use golang's default.

      --kubeconfig string                                       The path to the kubeconfig used to connect to the Kubernetes API server and the Kubelets (defaults to in-cluster config)

      --kubelet-certificate-authority string                    Path to the CA to use to validate the Kubelet's serving certificates.

      --kubelet-insecure-tls                                    Do not verify CA of serving certificates presented by Kubelets.  For testing purposes only.

      --kubelet-port int                                        The port to use to connect to Kubelets. (default )

      --kubelet-preferred-address-types strings                 The priority of node address types to use when determining which address to use to connect to a particular node (default [Hostname,InternalDNS,InternalIP,ExternalDNS,ExternalIP])

      --log-flush-frequency duration                            Maximum number of seconds between log flushes (default 5s)

      --log_backtrace_at traceLocation                          when logging hits line file:N, emit a stack trace (default :)

      --log_dir string                                          If non-empty, write log files in this directory

      --logtostderr                                             log to standard error instead of files (default true)

      --metric-resolution duration                              The resolution at which metrics-server will retain metrics. (default 1m0s)

      --profiling                                               Enable profiling via web interface host:port/debug/pprof/ (default true)

      --requestheader-allowed-names strings                     List of client certificate common names to allow to provide usernames in headers specified by --requestheader-username-headers. If empty, any client certificate validated by the authorities in --requestheader-client-ca-file is allowed.

      --requestheader-client-ca-file string                     Root certificate bundle to use to verify client certificates on incoming requests before trusting usernames in headers specified by --requestheader-username-headers. WARNING: generally do not depend on authorization being already done for incoming requests.

      --requestheader-extra-headers-prefix strings              List of request header prefixes to inspect. X-Remote-Extra- is suggested. (default [x-remote-extra-])

      --requestheader-group-headers strings                     List of request headers to inspect for groups. X-Remote-Group is suggested. (default [x-remote-group])

      --requestheader-username-headers strings                  List of request headers to inspect for usernames. X-Remote-User is common. (default [x-remote-user])

      --secure-port int                                         The port on which to serve HTTPS with authentication and authorization. If , don't serve HTTPS at all. (default 443)

      --stderrthreshold severity                                logs at or above this threshold go to stderr (default )

      --tls-cert-file string                                    File containing the default x509 Certificate for HTTPS. (CA cert, if any, concatenated after server cert). If HTTPS serving is enabled, and --tls-cert-file and --tls-private-key-file are not provided, a self-signed certificate and key are generated for the public address and saved to the directory specified by --cert-dir.

      --tls-cipher-suites strings                               Comma-separated list of cipher suites for the server. If omitted, the default Go cipher suites will be use.  Possible values: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_RC4_128_SHA

      --tls-min-version string                                  Minimum TLS version supported. Possible values: VersionTLS10, VersionTLS11, VersionTLS12

      --tls-private-key-file string                             File containing the default x509 private key matching --tls-cert-file.

      --tls-sni-cert-key namedCertKey                           A pair of x509 certificate and private key file paths, optionally suffixed with a list of domain patterns which are fully qualified domain names, possibly with prefixed wildcard segments. If no domain patterns are provided, the names of the certificate are extracted. Non-wildcard matches trump over wildcard matches, explicit domain patterns trump over extracted names. For multiple key/certificate pairs, use the --tls-sni-cert-key multiple times. Examples: "example.crt,example.key" or "foo.crt,foo.key:*.foo.com,foo.com". (default [])

  -v, --v Level                                                 log level for V logs

      --vmodule moduleSpec                                      comma-separated list of pattern=N settings for file-filtered logging

3. 应用所有配置文件到系统中

[root@k8s-master 1.8+]# kubectl apply -f .

clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader created

clusterrolebinding.rbac.authorization.k8s.io/metrics-server:system:auth-delegator created

rolebinding.rbac.authorization.k8s.io/metrics-server-auth-reader created

apiservice.apiregistration.k8s.io/v1beta1.metrics.k8s.io created

serviceaccount/metrics-server created

deployment.extensions/metrics-server created

service/metrics-server created

clusterrole.rbac.authorization.k8s.io/system:metrics-server created

clusterrolebinding.rbac.authorization.k8s.io/system:metrics-server created

过个一两分钟(下载镜像和获取数据都会耗时)检查metrics-server的状态

[root@k8s-master 1.8+]# kubectl get po -n kube-system

NAME                                 READY   STATUS    RESTARTS   AGE

calico-node-b78m4                    /     Running             176m

calico-node-r5mlj                    /     Running             3h6m

calico-node-z5tdh                    /     Running             176m

coredns-fb8b8dccf-6mgks              /     Running             3h21m

coredns-fb8b8dccf-cbtlx              /     Running             3h21m

etcd-k8s-master                      /     Running             3h20m

kube-apiserver-k8s-master            /     Running             3h20m

kube-controller-manager-k8s-master   /     Running             3h20m

kube-proxy-c9xd2                     /     Running             3h21m

kube-proxy-fp2r2                     /     Running             176m

kube-proxy-lrsw7                     /     Running             176m

kube-scheduler-k8s-master            /     Running             3h20m

metrics-server-7579f696d8-pgcc4      1/1     Running   0          99s

[root@k8s-master 1.8+]# kubectl top node

NAME         CPU(cores)   CPU%   MEMORY(bytes)   MEMORY%

k8s-master   179m         8%     1660Mi          43%

k8s-node1    81m          4%     908Mi           23%

k8s-node2    78m          3%     1036Mi          26%

看的出来,metrics-server已经正常running,并且能够获取节点的信息。

结束.

kubernetes 1.14安装部署metrics-server插件的更多相关文章

  1. kubernetes 1.14安装部署EFK日志收集系统

    简单介绍: EFK 组合插件是k8s项目的一个日志解决方案,它包括三个组件:Elasticsearch, Fluentd, Kibana.相对于ELK这样的架构,k8s官方推行了EFK,可能Fluen ...

  2. kubernetes 1.14安装部署helm插件

    简单介绍: Helm其实就是一个基于Kubernetes的程序包(资源包)管理器,它将一个应用的相关资源组织成为Charts,并通过Charts管理程序包.再简单点说,可以当做RHEL/CentOS系 ...

  3. kubernetes 1.14安装部署dashboard

    简单介绍: Dashboard是一个基于web的Kubernetes用户界面.您可以使用Dashboard将容器化应用程序部署到Kubernetes集群,对容器化应用程序进行故障诊断,并管理集群资源. ...

  4. kubernetes 1.14安装部署ingress

    简单介绍: Ingress是Kubernetes API的标准资源类型之一,它其实就是一组基于DNS名称或URL路径把请求转发至指定的Service资源的规则,用来将集群外部的请求流量转发至集群内部. ...

  5. Azkaban2.5安装部署(系统时区设置 + 安装和配置mysql + Azkaban Web Server 安装 + Azkaban Executor Server安装 + Azkaban web server插件安装 + Azkaban Executor Server 插件安装)(博主推荐)(五)

    Azkaban是什么?(一) Azkaban的功能特点(二) Azkaban的架构(三) Hadoop工作流引擎之Azkaban与Oozie对比(四) 不多说,直接上干货! http://www.cn ...

  6. python2.7.14安装部署(Linux)

    +++++++++++++++++++++++++++++++++++++++++++标题:python2.7.14安装部署(Linux)时间:2019年2月23日内容:Linux下python环境部 ...

  7. kubernetes 1.9 安装部署

    参考地址:https://github.com/gjmzj/kubeasz 引言 提供快速部署高可用k8s集群的工具,基于二进制方式部署和利用ansible-playbook实现自动化,既提供一键安装 ...

  8. kubernetes 源码安装部署 1.12

    一. 前期准备 参考文档 https://jimmysong.io/kubernetes-handbook/practice/create-tls-and-secret-key.html 1. 安装g ...

  9. Kubernetes 集群安装部署

    etcd集群配置 master节点配置 1.安装kubernetes etcd [root@k8s ~]# yum -y install kubernetes-master etcd 2.配置 etc ...

随机推荐

  1. Java开发笔记(八十七)随机访问文件的读写

    前面介绍了字符流读写文件的两种方式,包括文件字符流和缓存字符流,但是它们的写操作都存在一个问题:不管是write方法还是append方法,都只能从文件开头写入,而不能追加到文件末尾或者在文件中间某个位 ...

  2. 如何在Linux服务器和windows系统之间上传与下载文件

    Do not let dream just be your dream. 背景:Linux服务器文件上传下载. XShell+Xftp安装包(解压即用)百度网盘链接:https://pan.baidu ...

  3. oracle非正常退出后重启实例

    sqlplus /nolog 回车 conn / as sysdba 回车 startup 回车(如果被告知已启动,应先执行 shutdown immediate 回车)

  4. win10安装tensorflow-gpu1.13.1+cuda10.0+cudnn7.3.1

    一,本机配置 Win10 64bit NVIDIA GeForce GTX 960M Python3.7(Anaconda) 二,安装CUDA 亲测,TensorFlow-gpu1.13.1支持cud ...

  5. Saslauthd服务实现SMTP发信认证

    一.SMTP发信认证 通过sasl库中的saslauthd服务实现SMTP认证 二.部署 1.先安装postifx 略 2.生成sasl配置文件,实现使用sasl认证 vim /usr/lib64/s ...

  6. Django 提交 form 表单(使用sqlite3保存数据)

    优化 提交 form 表单,https://www.cnblogs.com/klvchen/p/10608143.html 创建数据库的字段,在 models.py 中添加 from django.d ...

  7. .net开源工作流ccflow从表数据数据源导入设置

    第1节. 关键字 驰骋工作流引擎 流程快速开发平台 workflow ccflow jflow  .net开源工作流 第2节. 从表数据导入设置 1.1.1: 概要说明 在从表的使用中我一般都会用到从 ...

  8. PostGIS计算矢量切片(二)--按值渲染

    方案背景     今年三月份写了一篇postgis计算矢量切片,参考了网上资料给出了一份很粗糙的相关方案(文章写的更粗糙).当时的方案中只能针对gis形状进行渲染,而不能用属性渲染.针对这个情况,本文 ...

  9. simulink创建简单模型

    创建简单模型 您可以使用 Simulink® 对系统建模,然后仿真该系统的动态行为.Simulink 允许您创建模块图,图中的各个连接模块代表系统的各个部分,信号代表这些模块之间的输入/输出关系.Si ...

  10. mssql server for docker on MacOs

    1. install 1.下载镜像 docker pull microsoft/mssql-server-linux 使用该命令就可以把数据库的docker镜像下载下来. 2.创建并运行容器 dock ...