下載metrics-server的yaml文件
解決上章遺留的問題:沒法監控內存和cpu資源
轉接上文:部署k8s監控(3):dashboard-2.0.1
node
1、建立用戶,並生成證書
[root@k8s-master1 /]# useradd aggregator [root@k8s-master1 aggregator]# vim ./metrics-server-csr.json { "CN": "aggregator", "hosts": [], "key": { "algo": "rsa", "size": 2048 }, "names": [ { "C": "CN", "ST": "BeiJing", "L": "BeiJing", "O": "k8s", "OU": "System" } ] } #生成證書 [root@k8s-master1 aggregator]# cfssl gencert \ -ca=/opt/kubernetes/ssl/ca.pem \ -ca-key=/opt/kubernetes/ssl/ca-csr.json \ -ca-key=/opt/kubernetes/ssl/ca-key.pem \ -profile=kubernetes metrics-server-csr.json | cfssljson -bare metrics-server #查看生成的證書 [root@k8s-master1 aggregator]# ls metrics-server.csr metrics-server-csr.json metrics-server-key.pem metrics-server.pem
2、開啓聚合層
[root@k8s-master1 /]# vim /opt/kubernetes/cfg/kube-apiserver --requestheader-client-ca-file=/opt/kubernetes/ssl/ca.pem \ --requestheader-allowed-names=aggregator \ --requestheader-extra-headers-prefix=X-Remote-Extra- \ --requestheader-group-headers=X-Remote-Group \ --requestheader-username-headers=X-Remote-User \ --proxy-client-cert-file=/home/aggregator/metrics-server.pem \ --proxy-client-key-file=/home/aggregator/metrics-server-key.pem" 若是報如下錯誤說明沒有修改metrics-server-deployment.yaml文件,同時也須要coredns的參與 E0526 16:44:18.091548 1 manager.go:102] unable to fully collect metrics: [unable to fully scrape metrics from source kubelet_summary:node1: unable to fetch metrics from Kubelet node1 (node1): Get http://node1:10250/stats/summary/: dial tcp: lookup node1 on 10.0.0.2:53: server misbehaving, unable to fully scrape metrics from source kubelet_summary:master1: unable to fetch metrics from Kubelet master1 (master1): Get http://master1:10250/stats/summary/: dial tcp: lookup master1 on 10.0.0.2:53: server misbehaving, unable to fully scrape metrics from source kubelet_summary:node2: unable to fetch metrics from Kubelet node2 (node2): Get http://node2:10250/stats/summary/: dial tcp: lookup node2 on 10.0.0.2:53: server misbehaving] #修改文件 [root@k8s-master1 /]# vim /root/metrics/metrics-server-deployment.yaml spec: priorityClassName: system-cluster-critical serviceAccountName: metrics-server containers: - name: metrics-server image: k8s.gcr.io/metrics-server-amd64:v0.3.1 command: - /metrics-server - --kubelet-insecure-tls #添加 #- --metric-resolution=30s #註釋 - --kubelet-preferred-address-types=InternalIP #添加 # These are needed for GKE, which doesn't support secure communication yet. # Remove these lines for non-GKE clusters, and when GKE supports token-based auth. #- --kubelet-port=10255 #註釋,讓他使用10250 #- --deprecated-kubelet-completely-insecure=true #註釋 —————————————————————————————————————————————————————— volumeMounts: - name: metrics-server-config-volume mountPath: /etc/config command: #修改如下帶有環境變量的值 - /pod_nanny - --config-dir=/etc/config - --cpu=100m - --extra-cpu=0.5m - --memory=100Mi - --extra-memory=10Mi - --threshold=5 - --deployment=metrics-server-v0.3.1 - --container=metrics-server - --poll-period=300000 - --estimator=exponential # Specifies the smallest cluster (defined in number of nodes) # resources will be scaled to. #- --minClusterSize={{ metrics_server_min_cluster_size }} volumes: [root@k8s-master1 /]# vim /root/metrics/resource-reader.yaml resources: - pods - nodes - namespaces - nodes/stats #添加 verbs:
3、生成apiservice
[root@k8s-master1 /]# kubectl apply -f /root/metrics/ [root@k8s-master1 /]# kubectl get apiservice v1beta1.metrics.k8s.io kube-system/metrics-server True 54m #查看是否配置成功 [root@k8s-master1 /]# kubectl top nodes NAME CPU(cores) CPU% MEMORY(bytes) MEMORY% master1 110m 5% 849Mi 45% node1 62m 3% 873Mi 46% node2 53m 2% 583Mi 30%
4、查看web界面