简单介绍

如果使用kubernetes的自动扩容功能的话,那首先得有一个插件,然后该插件将收集到的信息(cpu、memory..)与自动扩容的设置的值进行比对,自动调整pod数量。关于该插件,在kubernetes的早些版本中采用的是heapster,1.13版本正式发布后,丢弃了heapster,官方推荐采用metrics-sever。

测试环境

之前部署的集群环境,如下:

System Hostname IP
CentOS 7.6 k8s-master 138.138.82.14
CentOS 7.6 k8s-node1 138.138.82.15
CentOS 7.6 k8s-node2 138.138.82.16

操作步骤

1. 下载相关yaml文件

https://github.com/kubernetes-incubator/metrics-server

~]# git clone https://github.com/kubernetes-incubator/metrics-server.git
[root@k8s-master ~]# cd metrics-server/deploy/1.8+/

[root@k8s-master 1.8+]# ll

总用量

-rw-r--r--  root root  4月   : aggregated-metrics-reader.yaml

-rw-r--r--  root root  4月   : auth-delegator.yaml

-rw-r--r--  root root  4月   : auth-reader.yaml

-rw-r--r--  root root  4月   : metrics-apiservice.yaml

-rw-r--r--  root root  4月   : metrics-server-deployment.yaml

-rw-r--r--  root root  4月   : metrics-server-service.yaml

-rw-r--r--  root root  4月   : resource-reader.yaml

2. 修改其中的metrics-server-deployment.yaml文件(用红色标亮处)

---

apiVersion: v1

kind: ServiceAccount

metadata:

  name: metrics-server

  namespace: kube-system

---

apiVersion: extensions/v1beta1

kind: Deployment

metadata:

  name: metrics-server

  namespace: kube-system

  labels:

    k8s-app: metrics-server

spec:

  selector:

    matchLabels:

      k8s-app: metrics-server

  template:

    metadata:

      name: metrics-server

      labels:

        k8s-app: metrics-server

    spec:

      serviceAccountName: metrics-server

      volumes:

      # mount in tmp so we can safely use from-scratch images and/or read-only containers

      - name: tmp-dir

        emptyDir: {}

      containers:

      - name: metrics-server

        image: mirrorgooglecontainers/metrics-server-amd64:v0.3.2

      # image: k8s.gcr.io/metrics-server-amd64:v0.3.2

        imagePullPolicy: IfNotPresent

        command:

            - /metrics-server

            - --kubelet-preferred-address-types=InternalIP

            - --kubelet-insecure-tls

        volumeMounts:

        - name: tmp-dir

          mountPath: /tmp

注意:以上修改了3个地方:①是被墙的镜像;②镜像拉取策略;③添加命令和相关参数;

如果不修改command区域的参数则会报如下错误:

E0428 ::05.894325        manager.go:] unable to fully collect metrics: [unable to fully scrape metrics from source kubelet_summary:k8s-node2: unable to fetch metrics from Kubelet k8s-node2 (138.138.82.16): Get https://138.138.82.16:10250/stats/summary/: x509: cannot validate certificate for 138.138.82.16 because it doesn't contain any IP SANs, unable to fully scrape metrics from source kubelet_summary:k8s-node1: unable to fetch metrics from Kubelet k8s-node1 (138.138.82.15): Get https://138.138.82.15:10250/stats/summary/: x509: cannot validate certificate for 138.138.82.15 because it doesn't contain any IP SANs, unable to fully scrape metrics from source kubelet_summary:k8s-master: unable to fetch metrics from Kubelet k8s-master (138.138.82.14): Get https://138.138.82.14:10250/stats/summary/: x509: cannot validate certificate for 138.138.82.14 because it doesn't contain any IP SANs]

附上metrcs-server命令参数详解:

Usage:

   [flags]

Flags:

      --alsologtostderr                                         log to standard error as well as files

      --authentication-kubeconfig string                        kubeconfig file pointing at the 'core' kubernetes server with enough rights to create tokenaccessreviews.authentication.k8s.io.

      --authentication-skip-lookup                              If false, the authentication-kubeconfig will be used to lookup missing authentication configuration from the cluster.

      --authentication-token-webhook-cache-ttl duration         The duration to cache responses from the webhook token authenticator. (default 10s)

      --authorization-kubeconfig string                         kubeconfig file pointing at the 'core' kubernetes server with enough rights to create  subjectaccessreviews.authorization.k8s.io.

      --authorization-webhook-cache-authorized-ttl duration     The duration to cache 'authorized' responses from the webhook authorizer. (default 10s)

      --authorization-webhook-cache-unauthorized-ttl duration   The duration to cache 'unauthorized' responses from the webhook authorizer. (default 10s)

      --bind-address ip                                         The IP address on which to listen for the --secure-port port. The associated interface(s) must be reachable by the rest of the cluster, and by CLI/web clients. If blank, all interfaces will be used (0.0.0.0 for all IPv4 interfaces and :: for all IPv6 interfaces). (default 0.0.0.0)

      --cert-dir string                                         The directory where the TLS certs are located. If --tls-cert-file and --tls-private-key-file are provided, this flag will be ignored. (default "apiserver.local.config/certificates")

      --client-ca-file string                                   If set, any request presenting a client certificate signed by one of the authorities in the client-ca-file is authenticated with an identity corresponding to the CommonName of the client certificate.

      --contention-profiling                                    Enable lock contention profiling, if profiling is enabled

      --enable-swagger-ui                                       Enables swagger ui on the apiserver at /swagger-ui

  -h, --help                                                    help for this command

      --http2-max-streams-per-connection int                    The limit that the server gives to clients for the maximum number of streams in an HTTP/ connection. Zero means to use golang's default.

      --kubeconfig string                                       The path to the kubeconfig used to connect to the Kubernetes API server and the Kubelets (defaults to in-cluster config)

      --kubelet-certificate-authority string                    Path to the CA to use to validate the Kubelet's serving certificates.

      --kubelet-insecure-tls                                    Do not verify CA of serving certificates presented by Kubelets.  For testing purposes only.

      --kubelet-port int                                        The port to use to connect to Kubelets. (default )

      --kubelet-preferred-address-types strings                 The priority of node address types to use when determining which address to use to connect to a particular node (default [Hostname,InternalDNS,InternalIP,ExternalDNS,ExternalIP])

      --log-flush-frequency duration                            Maximum number of seconds between log flushes (default 5s)

      --log_backtrace_at traceLocation                          when logging hits line file:N, emit a stack trace (default :)

      --log_dir string                                          If non-empty, write log files in this directory

      --logtostderr                                             log to standard error instead of files (default true)

      --metric-resolution duration                              The resolution at which metrics-server will retain metrics. (default 1m0s)

      --profiling                                               Enable profiling via web interface host:port/debug/pprof/ (default true)

      --requestheader-allowed-names strings                     List of client certificate common names to allow to provide usernames in headers specified by --requestheader-username-headers. If empty, any client certificate validated by the authorities in --requestheader-client-ca-file is allowed.

      --requestheader-client-ca-file string                     Root certificate bundle to use to verify client certificates on incoming requests before trusting usernames in headers specified by --requestheader-username-headers. WARNING: generally do not depend on authorization being already done for incoming requests.

      --requestheader-extra-headers-prefix strings              List of request header prefixes to inspect. X-Remote-Extra- is suggested. (default [x-remote-extra-])

      --requestheader-group-headers strings                     List of request headers to inspect for groups. X-Remote-Group is suggested. (default [x-remote-group])

      --requestheader-username-headers strings                  List of request headers to inspect for usernames. X-Remote-User is common. (default [x-remote-user])

      --secure-port int                                         The port on which to serve HTTPS with authentication and authorization. If , don't serve HTTPS at all. (default 443)

      --stderrthreshold severity                                logs at or above this threshold go to stderr (default )

      --tls-cert-file string                                    File containing the default x509 Certificate for HTTPS. (CA cert, if any, concatenated after server cert). If HTTPS serving is enabled, and --tls-cert-file and --tls-private-key-file are not provided, a self-signed certificate and key are generated for the public address and saved to the directory specified by --cert-dir.

      --tls-cipher-suites strings                               Comma-separated list of cipher suites for the server. If omitted, the default Go cipher suites will be use.  Possible values: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_RC4_128_SHA

      --tls-min-version string                                  Minimum TLS version supported. Possible values: VersionTLS10, VersionTLS11, VersionTLS12

      --tls-private-key-file string                             File containing the default x509 private key matching --tls-cert-file.

      --tls-sni-cert-key namedCertKey                           A pair of x509 certificate and private key file paths, optionally suffixed with a list of domain patterns which are fully qualified domain names, possibly with prefixed wildcard segments. If no domain patterns are provided, the names of the certificate are extracted. Non-wildcard matches trump over wildcard matches, explicit domain patterns trump over extracted names. For multiple key/certificate pairs, use the --tls-sni-cert-key multiple times. Examples: "example.crt,example.key" or "foo.crt,foo.key:*.foo.com,foo.com". (default [])

  -v, --v Level                                                 log level for V logs

      --vmodule moduleSpec                                      comma-separated list of pattern=N settings for file-filtered logging

3. 应用所有配置文件到系统中

[root@k8s-master 1.8+]# kubectl apply -f .

clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader created

clusterrolebinding.rbac.authorization.k8s.io/metrics-server:system:auth-delegator created

rolebinding.rbac.authorization.k8s.io/metrics-server-auth-reader created

apiservice.apiregistration.k8s.io/v1beta1.metrics.k8s.io created

serviceaccount/metrics-server created

deployment.extensions/metrics-server created

service/metrics-server created

clusterrole.rbac.authorization.k8s.io/system:metrics-server created

clusterrolebinding.rbac.authorization.k8s.io/system:metrics-server created

过个一两分钟(下载镜像和获取数据都会耗时)检查metrics-server的状态

[root@k8s-master 1.8+]# kubectl get po -n kube-system

NAME                                 READY   STATUS    RESTARTS   AGE

calico-node-b78m4                    /     Running             176m

calico-node-r5mlj                    /     Running             3h6m

calico-node-z5tdh                    /     Running             176m

coredns-fb8b8dccf-6mgks              /     Running             3h21m

coredns-fb8b8dccf-cbtlx              /     Running             3h21m

etcd-k8s-master                      /     Running             3h20m

kube-apiserver-k8s-master            /     Running             3h20m

kube-controller-manager-k8s-master   /     Running             3h20m

kube-proxy-c9xd2                     /     Running             3h21m

kube-proxy-fp2r2                     /     Running             176m

kube-proxy-lrsw7                     /     Running             176m

kube-scheduler-k8s-master            /     Running             3h20m

metrics-server-7579f696d8-pgcc4      1/1     Running   0          99s

[root@k8s-master 1.8+]# kubectl top node

NAME         CPU(cores)   CPU%   MEMORY(bytes)   MEMORY%

k8s-master   179m         8%     1660Mi          43%

k8s-node1    81m          4%     908Mi           23%

k8s-node2    78m          3%     1036Mi          26%

看的出来,metrics-server已经正常running,并且能够获取节点的信息。

结束.

kubernetes 1.14安装部署metrics-server插件的更多相关文章

  1. kubernetes 1.14安装部署EFK日志收集系统

    简单介绍: EFK 组合插件是k8s项目的一个日志解决方案,它包括三个组件:Elasticsearch, Fluentd, Kibana.相对于ELK这样的架构,k8s官方推行了EFK,可能Fluen ...

  2. kubernetes 1.14安装部署helm插件

    简单介绍: Helm其实就是一个基于Kubernetes的程序包(资源包)管理器,它将一个应用的相关资源组织成为Charts,并通过Charts管理程序包.再简单点说,可以当做RHEL/CentOS系 ...

  3. kubernetes 1.14安装部署dashboard

    简单介绍: Dashboard是一个基于web的Kubernetes用户界面.您可以使用Dashboard将容器化应用程序部署到Kubernetes集群,对容器化应用程序进行故障诊断,并管理集群资源. ...

  4. kubernetes 1.14安装部署ingress

    简单介绍: Ingress是Kubernetes API的标准资源类型之一,它其实就是一组基于DNS名称或URL路径把请求转发至指定的Service资源的规则,用来将集群外部的请求流量转发至集群内部. ...

  5. Azkaban2.5安装部署(系统时区设置 + 安装和配置mysql + Azkaban Web Server 安装 + Azkaban Executor Server安装 + Azkaban web server插件安装 + Azkaban Executor Server 插件安装)(博主推荐)(五)

    Azkaban是什么?(一) Azkaban的功能特点(二) Azkaban的架构(三) Hadoop工作流引擎之Azkaban与Oozie对比(四) 不多说,直接上干货! http://www.cn ...

  6. python2.7.14安装部署(Linux)

    +++++++++++++++++++++++++++++++++++++++++++标题:python2.7.14安装部署(Linux)时间:2019年2月23日内容:Linux下python环境部 ...

  7. kubernetes 1.9 安装部署

    参考地址:https://github.com/gjmzj/kubeasz 引言 提供快速部署高可用k8s集群的工具,基于二进制方式部署和利用ansible-playbook实现自动化,既提供一键安装 ...

  8. kubernetes 源码安装部署 1.12

    一. 前期准备 参考文档 https://jimmysong.io/kubernetes-handbook/practice/create-tls-and-secret-key.html 1. 安装g ...

  9. Kubernetes 集群安装部署

    etcd集群配置 master节点配置 1.安装kubernetes etcd [root@k8s ~]# yum -y install kubernetes-master etcd 2.配置 etc ...

随机推荐

  1. Linux高级运维 第三章 Linux基本命令操作

    3.1  Linux终端介绍.Shell提示符.Bash基本语法 3.1.1  登录LINUX终端 两种终端仿真器:1.GNOME桌面的GHOME Terminal : 2.KDE桌面的Konsole ...

  2. 第五章:shiro密码加密

    在涉及到密码存储问题上,应该加密/生成密码摘要存储,而不是存储明文密码.比如之前的600w csdn账号泄露对用户可能造成很大损失,因此应加密/生成不可逆的摘要方式存储. 5.1 编码/解码 Shir ...

  3. Saslauthd服务实现SMTP发信认证

    一.SMTP发信认证 通过sasl库中的saslauthd服务实现SMTP认证 二.部署 1.先安装postifx 略 2.生成sasl配置文件,实现使用sasl认证 vim /usr/lib64/s ...

  4. Redis 过期键删除策略

    Redis 中数据库键的过期时间都保存在过期字典中,当一个键过期了,Redis 存在三种不同的删除策略:定时删除.惰性删除和定期删除 定时删除 定义 在设置键的过期时间的同时创建一个计时器,让定时器在 ...

  5. pdf文件下载水印添加的中文与空格问题解决

    public static boolean waterMark(String inputFile, String outputFile, String waterMarkName)throws IOE ...

  6. PM领导能力成熟度2级

    人生如戏,大幕拉开,他走上舞台,饰演PM一角. 从技术岗位迈向管理岗位的第一步,对大多数像他一样的新晋PM来说,并不轻松.技术知识与经验是他曾经的主要才能与成功基础,而从成熟度一级开始,身为管理者的他 ...

  7. python内存回收的问题

    python实际上,对于占用很大内存的对象,并不会马上释放. 举例,a=range(10000*10000),会发现内存飙升一个多G,del a 或者a=[]都不能将内存降下来.. del 可以删除多 ...

  8. Python 进程(一)理论部分

    进程 进程(Process)是计算机中的程序关于某数据集合上的一次运行,即正在运行的程序,是系统进行资源分配和调度的基本单位,进程是对正在运行程序的一个抽象,在早期面向进程设计的计算机结构中,进程是程 ...

  9. js坚持不懈之13:JavaScript查找HTML元素的方法

    1. 通过 id 查找 HTML 元素 <!DOCTYPE html> <html> <body> <p id = "intro"> ...

  10. 题解 P1944 最长括号匹配_NOI导刊2009提高(1)

    栈,模拟 把每个元素逐个入栈 如果和栈顶元素匹配,那么一块弹出去,同时标记这里是可匹配的. 取出连续的,最长的可匹配的序列即可. #include <iostream> #include ...