本文详细介绍了在Kubernetes集群中部署metrics-server的过程,包括创建用户、生成证书、配置apiservice等关键步骤,解决了无法监控内存和CPU资源的问题。
下载metrics-server的yaml文件
解决上章遗留的问题:无法监控内存和cpu资源
转接上文:部署k8s监控(3):dashboard-2.0.1
一、创建用户,并生成证书
[root@k8s-master1 /]# useradd aggregator
[root@k8s-master1 aggregator]# vim ./metrics-server-csr.json
{
"CN": "aggregator",
"hosts": [],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "BeiJing",
"L": "BeiJing",
"O": "k8s",
"OU": "System"
}
]
}
#生成证书
[root@k8s-master1 aggregator]# cfssl gencert \
-ca=/opt/kubernetes/ssl/ca.pem \
-ca-key=/opt/kubernetes/ssl/ca-csr.json \
-ca-key=/opt/kubernetes/ssl/ca-key.pem \
-profile=kubernetes metrics-server-csr.json | cfssljson -bare metrics-server
#查看生成的证书
[root@k8s-master1 aggregator]# ls
metrics-server.csr metrics-server-csr.json metrics-server-key.pem metrics-server.pem
二、开启聚合层
[root@k8s-master1 /]# vim /opt/kubernetes/cfg/kube-apiserver
--requestheader-client-ca-file=/opt/kubernetes/ssl/ca.pem \
--requestheader-allowed-names=aggregator \
--requestheader-extra-headers-prefix=X-Remote-Extra- \
--requestheader-group-headers=X-Remote-Group \
--requestheader-username-headers=X-Remote-User \
--proxy-client-cert-file=/home/aggregator/metrics-server.pem \
--proxy-client-key-file=/home/aggregator/metrics-server-key.pem"
如果报以下错误说明没有修改metrics-server-deployment.yaml文件,同时也需要coredns的参与
E0526 16:44:18.091548 1 manager.go:102] unable to fully collect metrics: [unable to fully scrape metrics from source kubelet_summary:node1: unable to fetch metrics from Kubelet node1 (node1): Get http://node1:10250/stats/summary/: dial tcp: lookup node1 on 10.0.0.2:53: server misbehaving, unable to fully scrape metrics from source kubelet_summary:master1: unable to fetch metrics from Kubelet master1 (master1): Get http://master1:10250/stats/summary/: dial tcp: lookup master1 on 10.0.0.2:53: server misbehaving, unable to fully scrape metrics from source kubelet_summary:node2: unable to fetch metrics from Kubelet node2 (node2): Get http://node2:10250/stats/summary/: dial tcp: lookup node2 on 10.0.0.2:53: server misbehaving]
#修改文件
[root@k8s-master1 /]# vim /root/metrics/metrics-server-deployment.yaml
spec:
priorityClassName: system-cluster-critical
serviceAccountName: metrics-server
containers:
- name: metrics-server
image: k8s.gcr.io/metrics-server-amd64:v0.3.1
command:
- /metrics-server
- --kubelet-insecure-tls #添加
#- --metric-resolution=30s #注释
- --kubelet-preferred-address-types=InternalIP #添加
# These are needed for GKE, which doesn't support secure communication yet.
# Remove these lines for non-GKE clusters, and when GKE supports token-based auth.
#- --kubelet-port=10255 #注释,让他使用10250
#- --deprecated-kubelet-completely-insecure=true #注释
——————————————————————————————————————————————————————
volumeMounts:
- name: metrics-server-config-volume
mountPath: /etc/config
command: #修改以下带有环境变量的值
- /pod_nanny
- --config-dir=/etc/config
- --cpu=100m
- --extra-cpu=0.5m
- --memory=100Mi
- --extra-memory=10Mi
- --threshold=5
- --deployment=metrics-server-v0.3.1
- --container=metrics-server
- --poll-period=300000
- --estimator=exponential
# Specifies the smallest cluster (defined in number of nodes)
# resources will be scaled to.
#- --minClusterSize={{ metrics_server_min_cluster_size }}
volumes:
[root@k8s-master1 /]# vim /root/metrics/resource-reader.yaml
resources:
- pods
- nodes
- namespaces
- nodes/stats #添加
verbs:
三、生成apiservice
[root@k8s-master1 /]# kubectl apply -f /root/metrics/
[root@k8s-master1 /]# kubectl get apiservice
v1beta1.metrics.k8s.io kube-system/metrics-server True 54m
#查看是否配置成功
[root@k8s-master1 /]# kubectl top nodes
NAME CPU(cores) CPU% MEMORY(bytes) MEMORY%
master1 110m 5% 849Mi 45%
node1 62m 3% 873Mi 46%
node2 53m 2% 583Mi 30%
四、查看web界面
扫一扫
7410
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
