简单介绍

如果使用kubernetes的自动扩容功能的话,那首先得有一个插件,然后该插件将收集到的信息(cpu、memory..)与自动扩容的设置的值进行比对,自动调整pod数量。关于该插件,在kubernetes的早些版本中采用的是heapster,1.13版本正式发布后,丢弃了heapster,官方推荐采用metrics-sever。

测试环境

之前部署的集群环境,如下:

System Hostname IP
CentOS 7.6 k8s-master 138.138.82.14
CentOS 7.6 k8s-node1 138.138.82.15
CentOS 7.6 k8s-node2 138.138.82.16

操作步骤

1. 下载相关yaml文件

https://github.com/kubernetes-incubator/metrics-server

~]# git clone https://github.com/kubernetes-incubator/metrics-server.git
[root@k8s-master ~]# cd metrics-server/deploy/1.8+/

[root@k8s-master 1.8+]# ll

总用量

-rw-r--r--  root root  4月   : aggregated-metrics-reader.yaml

-rw-r--r--  root root  4月   : auth-delegator.yaml

-rw-r--r--  root root  4月   : auth-reader.yaml

-rw-r--r--  root root  4月   : metrics-apiservice.yaml

-rw-r--r--  root root  4月   : metrics-server-deployment.yaml

-rw-r--r--  root root  4月   : metrics-server-service.yaml

-rw-r--r--  root root  4月   : resource-reader.yaml

2. 修改其中的metrics-server-deployment.yaml文件(用红色标亮处)

---

apiVersion: v1

kind: ServiceAccount

metadata:

  name: metrics-server

  namespace: kube-system

---

apiVersion: extensions/v1beta1

kind: Deployment

metadata:

  name: metrics-server

  namespace: kube-system

  labels:

    k8s-app: metrics-server

spec:

  selector:

    matchLabels:

      k8s-app: metrics-server

  template:

    metadata:

      name: metrics-server

      labels:

        k8s-app: metrics-server

    spec:

      serviceAccountName: metrics-server

      volumes:

      # mount in tmp so we can safely use from-scratch images and/or read-only containers

      - name: tmp-dir

        emptyDir: {}

      containers:

      - name: metrics-server

        image: mirrorgooglecontainers/metrics-server-amd64:v0.3.2

      # image: k8s.gcr.io/metrics-server-amd64:v0.3.2

        imagePullPolicy: IfNotPresent

        command:

            - /metrics-server

            - --kubelet-preferred-address-types=InternalIP

            - --kubelet-insecure-tls

        volumeMounts:

        - name: tmp-dir

          mountPath: /tmp

注意:以上修改了3个地方:①是被墙的镜像;②镜像拉取策略;③添加命令和相关参数;

如果不修改command区域的参数则会报如下错误:

E0428 ::05.894325        manager.go:] unable to fully collect metrics: [unable to fully scrape metrics from source kubelet_summary:k8s-node2: unable to fetch metrics from Kubelet k8s-node2 (138.138.82.16): Get https://138.138.82.16:10250/stats/summary/: x509: cannot validate certificate for 138.138.82.16 because it doesn't contain any IP SANs, unable to fully scrape metrics from source kubelet_summary:k8s-node1: unable to fetch metrics from Kubelet k8s-node1 (138.138.82.15): Get https://138.138.82.15:10250/stats/summary/: x509: cannot validate certificate for 138.138.82.15 because it doesn't contain any IP SANs, unable to fully scrape metrics from source kubelet_summary:k8s-master: unable to fetch metrics from Kubelet k8s-master (138.138.82.14): Get https://138.138.82.14:10250/stats/summary/: x509: cannot validate certificate for 138.138.82.14 because it doesn't contain any IP SANs]

附上metrcs-server命令参数详解:

Usage:

   [flags]

Flags:

      --alsologtostderr                                         log to standard error as well as files

      --authentication-kubeconfig string                        kubeconfig file pointing at the 'core' kubernetes server with enough rights to create tokenaccessreviews.authentication.k8s.io.

      --authentication-skip-lookup                              If false, the authentication-kubeconfig will be used to lookup missing authentication configuration from the cluster.

      --authentication-token-webhook-cache-ttl duration         The duration to cache responses from the webhook token authenticator. (default 10s)

      --authorization-kubeconfig string                         kubeconfig file pointing at the 'core' kubernetes server with enough rights to create  subjectaccessreviews.authorization.k8s.io.

      --authorization-webhook-cache-authorized-ttl duration     The duration to cache 'authorized' responses from the webhook authorizer. (default 10s)

      --authorization-webhook-cache-unauthorized-ttl duration   The duration to cache 'unauthorized' responses from the webhook authorizer. (default 10s)

      --bind-address ip                                         The IP address on which to listen for the --secure-port port. The associated interface(s) must be reachable by the rest of the cluster, and by CLI/web clients. If blank, all interfaces will be used (0.0.0.0 for all IPv4 interfaces and :: for all IPv6 interfaces). (default 0.0.0.0)

      --cert-dir string                                         The directory where the TLS certs are located. If --tls-cert-file and --tls-private-key-file are provided, this flag will be ignored. (default "apiserver.local.config/certificates")

      --client-ca-file string                                   If set, any request presenting a client certificate signed by one of the authorities in the client-ca-file is authenticated with an identity corresponding to the CommonName of the client certificate.

      --contention-profiling                                    Enable lock contention profiling, if profiling is enabled

      --enable-swagger-ui                                       Enables swagger ui on the apiserver at /swagger-ui

  -h, --help                                                    help for this command

      --http2-max-streams-per-connection int                    The limit that the server gives to clients for the maximum number of streams in an HTTP/ connection. Zero means to use golang's default.

      --kubeconfig string                                       The path to the kubeconfig used to connect to the Kubernetes API server and the Kubelets (defaults to in-cluster config)

      --kubelet-certificate-authority string                    Path to the CA to use to validate the Kubelet's serving certificates.

      --kubelet-insecure-tls                                    Do not verify CA of serving certificates presented by Kubelets.  For testing purposes only.

      --kubelet-port int                                        The port to use to connect to Kubelets. (default )

      --kubelet-preferred-address-types strings                 The priority of node address types to use when determining which address to use to connect to a particular node (default [Hostname,InternalDNS,InternalIP,ExternalDNS,ExternalIP])

      --log-flush-frequency duration                            Maximum number of seconds between log flushes (default 5s)

      --log_backtrace_at traceLocation                          when logging hits line file:N, emit a stack trace (default :)

      --log_dir string                                          If non-empty, write log files in this directory

      --logtostderr                                             log to standard error instead of files (default true)

      --metric-resolution duration                              The resolution at which metrics-server will retain metrics. (default 1m0s)

      --profiling                                               Enable profiling via web interface host:port/debug/pprof/ (default true)

      --requestheader-allowed-names strings                     List of client certificate common names to allow to provide usernames in headers specified by --requestheader-username-headers. If empty, any client certificate validated by the authorities in --requestheader-client-ca-file is allowed.

      --requestheader-client-ca-file string                     Root certificate bundle to use to verify client certificates on incoming requests before trusting usernames in headers specified by --requestheader-username-headers. WARNING: generally do not depend on authorization being already done for incoming requests.

      --requestheader-extra-headers-prefix strings              List of request header prefixes to inspect. X-Remote-Extra- is suggested. (default [x-remote-extra-])

      --requestheader-group-headers strings                     List of request headers to inspect for groups. X-Remote-Group is suggested. (default [x-remote-group])

      --requestheader-username-headers strings                  List of request headers to inspect for usernames. X-Remote-User is common. (default [x-remote-user])

      --secure-port int                                         The port on which to serve HTTPS with authentication and authorization. If , don't serve HTTPS at all. (default 443)

      --stderrthreshold severity                                logs at or above this threshold go to stderr (default )

      --tls-cert-file string                                    File containing the default x509 Certificate for HTTPS. (CA cert, if any, concatenated after server cert). If HTTPS serving is enabled, and --tls-cert-file and --tls-private-key-file are not provided, a self-signed certificate and key are generated for the public address and saved to the directory specified by --cert-dir.

      --tls-cipher-suites strings                               Comma-separated list of cipher suites for the server. If omitted, the default Go cipher suites will be use.  Possible values: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_RC4_128_SHA

      --tls-min-version string                                  Minimum TLS version supported. Possible values: VersionTLS10, VersionTLS11, VersionTLS12

      --tls-private-key-file string                             File containing the default x509 private key matching --tls-cert-file.

      --tls-sni-cert-key namedCertKey                           A pair of x509 certificate and private key file paths, optionally suffixed with a list of domain patterns which are fully qualified domain names, possibly with prefixed wildcard segments. If no domain patterns are provided, the names of the certificate are extracted. Non-wildcard matches trump over wildcard matches, explicit domain patterns trump over extracted names. For multiple key/certificate pairs, use the --tls-sni-cert-key multiple times. Examples: "example.crt,example.key" or "foo.crt,foo.key:*.foo.com,foo.com". (default [])

  -v, --v Level                                                 log level for V logs

      --vmodule moduleSpec                                      comma-separated list of pattern=N settings for file-filtered logging

3. 应用所有配置文件到系统中

[root@k8s-master 1.8+]# kubectl apply -f .

clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader created

clusterrolebinding.rbac.authorization.k8s.io/metrics-server:system:auth-delegator created

rolebinding.rbac.authorization.k8s.io/metrics-server-auth-reader created

apiservice.apiregistration.k8s.io/v1beta1.metrics.k8s.io created

serviceaccount/metrics-server created

deployment.extensions/metrics-server created

service/metrics-server created

clusterrole.rbac.authorization.k8s.io/system:metrics-server created

clusterrolebinding.rbac.authorization.k8s.io/system:metrics-server created

过个一两分钟(下载镜像和获取数据都会耗时)检查metrics-server的状态

[root@k8s-master 1.8+]# kubectl get po -n kube-system

NAME                                 READY   STATUS    RESTARTS   AGE

calico-node-b78m4                    /     Running             176m

calico-node-r5mlj                    /     Running             3h6m

calico-node-z5tdh                    /     Running             176m

coredns-fb8b8dccf-6mgks              /     Running             3h21m

coredns-fb8b8dccf-cbtlx              /     Running             3h21m

etcd-k8s-master                      /     Running             3h20m

kube-apiserver-k8s-master            /     Running             3h20m

kube-controller-manager-k8s-master   /     Running             3h20m

kube-proxy-c9xd2                     /     Running             3h21m

kube-proxy-fp2r2                     /     Running             176m

kube-proxy-lrsw7                     /     Running             176m

kube-scheduler-k8s-master            /     Running             3h20m

metrics-server-7579f696d8-pgcc4      1/1     Running   0          99s

[root@k8s-master 1.8+]# kubectl top node

NAME         CPU(cores)   CPU%   MEMORY(bytes)   MEMORY%

k8s-master   179m         8%     1660Mi          43%

k8s-node1    81m          4%     908Mi           23%

k8s-node2    78m          3%     1036Mi          26%

看的出来,metrics-server已经正常running,并且能够获取节点的信息。

结束.

kubernetes 1.14安装部署metrics-server插件的更多相关文章

  1. kubernetes 1.14安装部署EFK日志收集系统

    简单介绍: EFK 组合插件是k8s项目的一个日志解决方案,它包括三个组件:Elasticsearch, Fluentd, Kibana.相对于ELK这样的架构,k8s官方推行了EFK,可能Fluen ...

  2. kubernetes 1.14安装部署helm插件

    简单介绍: Helm其实就是一个基于Kubernetes的程序包(资源包)管理器,它将一个应用的相关资源组织成为Charts,并通过Charts管理程序包.再简单点说,可以当做RHEL/CentOS系 ...

  3. kubernetes 1.14安装部署dashboard

    简单介绍: Dashboard是一个基于web的Kubernetes用户界面.您可以使用Dashboard将容器化应用程序部署到Kubernetes集群,对容器化应用程序进行故障诊断,并管理集群资源. ...

  4. kubernetes 1.14安装部署ingress

    简单介绍: Ingress是Kubernetes API的标准资源类型之一,它其实就是一组基于DNS名称或URL路径把请求转发至指定的Service资源的规则,用来将集群外部的请求流量转发至集群内部. ...

  5. Azkaban2.5安装部署(系统时区设置 + 安装和配置mysql + Azkaban Web Server 安装 + Azkaban Executor Server安装 + Azkaban web server插件安装 + Azkaban Executor Server 插件安装)(博主推荐)(五)

    Azkaban是什么?(一) Azkaban的功能特点(二) Azkaban的架构(三) Hadoop工作流引擎之Azkaban与Oozie对比(四) 不多说,直接上干货! http://www.cn ...

  6. python2.7.14安装部署(Linux)

    +++++++++++++++++++++++++++++++++++++++++++标题:python2.7.14安装部署(Linux)时间:2019年2月23日内容:Linux下python环境部 ...

  7. kubernetes 1.9 安装部署

    参考地址:https://github.com/gjmzj/kubeasz 引言 提供快速部署高可用k8s集群的工具,基于二进制方式部署和利用ansible-playbook实现自动化,既提供一键安装 ...

  8. kubernetes 源码安装部署 1.12

    一. 前期准备 参考文档 https://jimmysong.io/kubernetes-handbook/practice/create-tls-and-secret-key.html 1. 安装g ...

  9. Kubernetes 集群安装部署

    etcd集群配置 master节点配置 1.安装kubernetes etcd [root@k8s ~]# yum -y install kubernetes-master etcd 2.配置 etc ...

随机推荐

  1. [Java] 为什么字符串比较不能用两个等号(==)

    Java中,使用"=="比较字符串时,判断的是两个字符串是否存放在相同的位置.如果两个字符串存放在相同的位置,那么它们就是相同的,使用"=="比较的结果也就是T ...

  2. SAP HUM 事务代码HUMO为整托做Scrap

    SAP HUM 事务代码HUMO为整托做Scrap HUMO事务代码查询结果里,选择某个HU, 回车,过账成功, 2019-04-10 写于苏州市.  

  3. Android ViewPager+Fragment 在Activity中获取Fragment的控件

    如果ViewPager+Fragment实现Tab切换,在activity中利用adapter.getItem获取到fragment然后再根据fragment.的方法获取控件 //隐藏求租,以下代码用 ...

  4. Java递归方法遍历二叉树的代码

    将内容过程中经常用的内容做个记录,如下内容内容是关于Java递归方法遍历二叉树的内容. package com.wzs; public class TestBinaryTree { public st ...

  5. 数据库:MySQL实战;左链接;查询WordPress数据库中的文章内容

    在1年前,我用学生价租了一个阿里云服务器(是真的便宜啊),自己在CentOS系统上用命令行搭了个WordPress的环境,开始了为期一个月使用自建博客的历程. 事实证明,博客在类似博客园这样的平台上写 ...

  6. Spark 基本函数学习笔记一

      Spark 基本函数学习笔记一¶ spark的函数主要分两类,Transformations和Actions. Transformations为一些数据转换类函数,actions为一些行动类函数: ...

  7. 关于 python中的 TKinterlistbox 控件加横竖滚动条

    上代码 win=tkinter.Tk() scorllbar=tkinter.Scrollbar(win) scorllbar.pack(side=tkinter.RIGHT,fill=tkinter ...

  8. Java三大特性

    Java 三大特性,算是Java独特的表现,提到Java 的三大特性, 我们都会想到封装, 继承和多态 这是我们Java 最重要的特性. 封装(Encapsulation) : 封装:是指隐藏对象的属 ...

  9. java基础之-I/O流和File类解析

    在日常的java开发中少不了文件的读取和 写入,这就涉及到文件的I/O操作,今天就来总结下文件的IO操作,顺便文件的IO操作也需要File了的帮助,所以一起总结了. 以下图片为我根据其他博客所总结的内 ...

  10. 看到了必须要Mark啊,最全的编程中英文词汇对照汇总(里面有好几个版本的,每个版本从a到d的顺序排列)

    java:  第一章: JDK(Java Development Kit) java开发工具包 JVM(Java Virtual Machine) java虚拟机 Javac  编译命令 java   ...