Heapster 是經過調用 kubelet 的 http API 來獲取 cAdvisor 的 metrics 數據的。git
因爲 kublet 只在 10250 端口接收 https 請求,故須要修改 heapster 的 deployment 配置。同時,須要賦予 kube-system:heapster ServiceAccount 調用 kubelet API 的權限。github
注意:若是沒有特殊指明,本文檔的全部操做均在 k8s-master1節點上執行。docker
cd /opt/k8s/work wget https://github.com/kubernetes/heapster/archive/v1.5.4.tar.gz tar -xzvf v1.5.4.tar.gz mv v1.5.4.tar.gz heapster-1.5.4.tar.gz
官方文件目錄: heapster-1.5.4/deploy/kube-config/influxdb
$ cd heapster-1.5.4/deploy/kube-config/influxdb $ cp grafana.yaml{,.orig} $ diff grafana.yaml.orig grafana.yaml 67c67 < # type: NodePort --- > type: NodePort
$ cp heapster.yaml{,.orig} $ diff heapster.yaml.orig heapster.yaml < - --source=kubernetes:https://kubernetes.default --- > - --source=kubernetes:https://kubernetes.default?kubeletHttps=true&kubeletPort=10250
images=( heapster-amd64:v1.5.3 heapster-grafana-amd64:v4.4.3 heapster-influxdb-amd64:v1.3.3 ) for imageName in ${images[@]} ; do docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/$imageName docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/$imageName gcr.io/google_containers/$imageName done
$ cd /opt/k8s/work/heapster-1.5.4/deploy/kube-config/influxdb $ ls *.yaml grafana.yaml heapster.yaml influxdb.yaml $ kubectl create -f . $ cd ../rbac/ $ cp heapster-rbac.yaml{,.orig} vim heapster-rbac.yaml
kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: heapster-kubelet-api roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: system:kubelet-api-admin subjects: - kind: ServiceAccount name: heapster namespace: kube-system kubectl create -f heapster-rbac.yaml
若是不修改,默認的 ClusterRole system:heapster 權限不足:api
E1128 10:00:05.010716 1 manager.go:101] Error in scraping containers from kubelet: failed to get all container stats from Kubelet URL "": request failed - "403 Forbidden", response: "Forbidden (user=system:serviceaccount:kube-system:heapster, verb=create, resource=nodes, subresource=stats)" E1128 10:00:05.018556 1 manager.go:101] Error in scraping containers from kubelet: failed to get all container stats from Kubelet URL "": request failed - "403 Forbidden", response: "Forbidden (user=system:serviceaccount:kube-system:heapster, verb=create, resource=nodes, subresource=stats)" E1128 10:00:05.022664 1 manager.go:101] Error in scraping containers from kubelet: failed to get all container stats from Kubelet URL "": request failed - "403 Forbidden", response: "Forbidden (user=system:serviceaccount:kube-system:heapster, verb=create, resource=nodes, subresource=stats)" W1128 10:00:25.000467 1 manager.go:152] Failed to get all responses in time (got 0/3)工具
[root@k8s-master1 influxdb]# kubectl get pods -n kube-system | grep -E 'heapster|monitoring' heapster-7b5d8fb59c-997p8 1/1 Running 0 10m monitoring-grafana-59d85ddc6-ws7j9 1/1 Running 0 10m monitoring-influxdb-5fffc746fd-m7bbb 1/1 Running 0 10m
檢查 kubernets dashboard 界面,能夠正確顯示各 Nodes、Pods 的 CPU、內存、負載等統計數據和圖表:google
獲取 monitoring-grafana 服務 URL:spa
[root@k8s-master1 influxdb]# kubectl cluster-info Kubernetes master is running at Heapster is running at CoreDNS is running at kubernetes-dashboard is running at monitoring-grafana is running at monitoring-influxdb is running at To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.