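Introduction to Metrics-Server
Metrics-Server is the aggregator of a cluster's core monitoring data. Early versions of k8s used the Heapster tool for resource monitoring. Starting with Kubernetes 1.8, however, Kubernetes obtains resource usage metrics, such as container CPU and memory usage, through the Metrics API. These metrics can be accessed directly by users, for example with the kubectl top command, or used by controllers in the cluster. Because the k8s api-server persists all of its data to etcd, k8s itself clearly cannot handle collection at this frequency; this monitoring data also changes quickly and is all temporary, so a separate component is needed to handle it.
Environment: K8s-v1.18, Docker-18.06.1-ce
I. Modify the configuration
1. Check whether the API Server has Aggregator Routing enabled: check whether the API Server has the --enable-aggregator-routing=true option.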
[root@k8s-master manifests]# ps -ef | grep apiserver
root      22008  21989  4 19:33 ?        00:06:37 kube-apiserver --advertise-address=192.168.181.142 --allow-privileged=true --authorization-mode=Node,RBAC --client-ca-file=/etc/kubernetes/pki/ca.crt --enable-admission-plugins=NodeRestriction --enable-bootstrap-token-auth=true --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key --etcd-servers=https://127.0.0.1:2379 --insecure-port=0 --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key --requestheader-allowed-names=front-proxy-client --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt --requestheader-extra-headers-prefix=X-Remote-Extra- --requestheader-group-headers=X-Remote-Group --requestheader-username-headers=X-Remote-User --secure-port=6443 --service-account-key-file=/etc/kubernetes/pki/sa.pub --service-cluster-ip-range=10.1.0.0/16 --tls-cert-file=/etc/kubernetes/pki/apiserver.crt --tls-private-key-file=/etc/kubernetes/pki/apiserver.key
root      66924  57038  0 21:47 pts/0    00:00:00 grep --color=auto apiserver
2. Edit the kube-apiserver.yaml of every API Server to enable Aggregator Routing: after the manifest is modified, the API Server restarts automatically and the change takes effect.
vim /etc/kubernetes/manifests/kube-apiserver.yaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    kubeadm.kubernetes.io/kube-apiserver.advertise-address.endpoint: 192.168.10.253:6443
  creationTimestamp: null
  labels:
    component: kube-apiserver
    tier: control-plane
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
  - command:
    - kube-apiserver
    - --advertise-address=192.168.10.253
    - --allow-privileged=true
    - --authorization-mode=Node,RBAC
    - --client-ca-file=/etc/kubernetes/pki/ca.crt
    - --enable-admission-plugins=NodeRestriction
    - --enable-bootstrap-token-auth=true
    - --enable-aggregator-routing=true # add this line
    - --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt
    - --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt
    - --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key
    - --etcd-servers=https://127.0.0.1:2379
    - --insecure-port=0
    - --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt
    - --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key
    - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
    - --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt
    - --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key
    - --requestheader-allowed-names=front-proxy-client
    - --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt
    - --requestheader-extra-headers-prefix=X-Remote-Extra-
    - --requestheader-group-headers=X-Remote-Group
    - --requestheader-username-headers=X-Remote-User
    - --secure-port=6443
    - --service-account-key-file=/etc/kubernetes/pki/sa.pub
    - --service-cluster-ip-range=10.1.0.0/16
    - --tls-cert-file=/etc/kubernetes/pki/apiserver.crt
    - --tls-private-key-file=/etc/kubernetes/pki/apiserver.key
    image: registry.aliyuncs.com/google_containers/kube-apiserver:v1.18.0
    imagePullPolicy: IfNotPresent
    livenessProbe:
      failureThreshold: 8
      httpGet:
        host: 192.168.10.253
        path: /healthz
        port: 6443
        scheme: HTTPS
      initialDelaySeconds: 15
      timeoutSeconds: 15
    name: kube-apiserver
    resources:
      requests:
        cpu: 250m
    volumeMounts:
    - mountPath: /etc/ssl/certs
      name: ca-certs
      readOnly: true
    - mountPath: /etc/pki
      name: etc-pki
      readOnly: true
    - mountPath: /etc/kubernetes/pki
      name: k8s-certs
      readOnly: true
  hostNetwork: true
  priorityClassName: system-cluster-critical
  volumes:
  - hostPath:
      path: /etc/ssl/certs
      type: DirectoryOrCreate
    name: ca-certs
  - hostPath:
      path: /etc/pki
      type: DirectoryOrCreate
    name: etc-pki
  - hostPath:
      path: /etc/kubernetes/pki
      type: DirectoryOrCreate
    name: k8s-certs
status: {}
II. Install metrics-server (v0.3.6)
1. Download the YAML file
wget https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.3.6/components.yaml
2. Modify the components.yaml file
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: system:aggregated-metrics-reader
  labels:
    rbac.authorization.k8s.io/aggregate-to-view: "true"
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
- apiGroups: ["metrics.k8s.io"]
  resources: ["pods", "nodes"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: metrics-server:system:auth-delegator
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:auth-delegator
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: metrics-server-auth-reader
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
---
apiVersion: apiregistration.k8s.io/v1beta1
kind: APIService
metadata:
  name: v1beta1.metrics.k8s.io
spec:
  service:
    name: metrics-server
    namespace: kube-system
  group: metrics.k8s.io
  version: v1beta1
  insecureSkipTLSVerify: true
  groupPriorityMinimum: 100
  versionPriority: 100
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: metrics-server
  namespace: kube-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: metrics-server
  namespace: kube-system
  labels:
    k8s-app: metrics-server
spec:
  selector:
    matchLabels:
      k8s-app: metrics-server
  template:
    metadata:
      name: metrics-server
      labels:
        k8s-app: metrics-server
    spec:
      serviceAccountName: metrics-server
      volumes:
      # mount in tmp so we can safely use from-scratch images and/or read-only containers
      - name: tmp-dir
        emptyDir: {}
      containers:
      - name: metrics-server
        image: registry.aliyuncs.com/google_containers/metrics-server-amd64:v0.3.6 # changed to the Alibaba Cloud mirror address
        imagePullPolicy: IfNotPresent
        args:
          - --cert-dir=/tmp
          - --secure-port=4443
          - /metrics-server # added
          - --kubelet-preferred-address-types=InternalIP # added
          - --kubelet-insecure-tls # added
        ports:
        - name: main-port
          containerPort: 4443
          protocol: TCP
        securityContext:
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          runAsUser: 1000
        volumeMounts:
        - name: tmp-dir
          mountPath: /tmp
      nodeSelector:
        kubernetes.io/os: linux
        kubernetes.io/arch: "amd64"
---
apiVersion: v1
kind: Service
metadata:
  name: metrics-server
  namespace: kube-system
  labels:
    kubernetes.io/name: "Metrics-server"
    kubernetes.io/cluster-service: "true"
spec:
  selector:
    k8s-app: metrics-server
  ports:
  - port: 443
    protocol: TCP
    targetPort: main-port
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: system:metrics-server
rules:
- apiGroups:
  - ""
  resources:
  - pods
  - nodes
  - nodes/stats
  - namespaces
  - configmaps
  verbs:
  - get
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: system:metrics-server
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:metrics-server
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
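The manifest above sets --kubelet-insecure-tls on the Deployment and insecureSkipTLSVerify: true on the APIService, so neither the kubelet serving certificates nor the metrics-server certificate is verified. The check below is an added example, not part of the original page: it lists both settings in a manifest so they can be reviewed before kubectl apply. The function name audit_tls and the trimmed sample manifest are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): list the settings in a
# metrics-server manifest that switch off TLS certificate verification.

# audit_tls [FILE] - reads FILE (or stdin) and prints one finding per line
# in the form "Kind/name: setting". The name audit_tls is hypothetical.
audit_tls() {
  awk '
    /^---/ { kind = ""; name = ""; next }           # start of a new YAML document
    /^kind:/ { kind = $2 }
    /^  name:/ && name == "" { name = $2 }          # metadata.name (2-space indent)
    { line = $0; sub(/[ \t]+#.*$/, "", line) }      # drop trailing comments
    line ~ /^[ \t]*-[ \t]+--kubelet-insecure-tls(=true)?$/ {
      print kind "/" name ": --kubelet-insecure-tls"
    }
    line ~ /^[ \t]*insecureSkipTLSVerify:[ \t]*true$/ {
      print kind "/" name ": insecureSkipTLSVerify: true"
    }
  ' "${1:--}"
}

# Constructed sample: the two relevant objects from the manifest above, trimmed.
sample_manifest() {
  cat <<'EOF'
apiVersion: apiregistration.k8s.io/v1beta1
kind: APIService
metadata:
  name: v1beta1.metrics.k8s.io
spec:
  service:
    name: metrics-server
    namespace: kube-system
  insecureSkipTLSVerify: true
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: metrics-server
spec:
  template:
    spec:
      containers:
      - name: metrics-server
        args:
          - --cert-dir=/tmp
          - --kubelet-preferred-address-types=InternalIP # added
          - --kubelet-insecure-tls # added
EOF
}

sample_manifest | audit_tls
```

Against the real file the call is audit_tls components.yaml; an empty result means neither setting is present.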
3. Install
kubectl apply -f components.yaml
4. Check the metrics-server service status
[root@k8s-master manifests]# kubectl get pod -n kube-system | grep metrics-server
metrics-server-59dd47f7d9-qbsgq   1/1     Running   0          9m32s
5. Check whether the API has any errors
[root@k8s-master manifests]# kubectl describe apiservice v1beta1.metrics.k8s.io
Name:         v1beta1.metrics.k8s.io
Namespace:
Labels:       <none>
Annotations:
API Version:  apiregistration.k8s.io/v1
Kind:         APIService
Metadata:
  Creation Timestamp:  2021-02-26T07:55:08Z
  Resource Version:    1948553
  Self Link:           /apis/apiregistration.k8s.io/v1/apiservices/v1beta1.metrics.k8s.io
  UID:                 515535ec-3766-4d8a-a6fe-c7b21781ae81
Spec:
  Group:                     metrics.k8s.io
  Group Priority Minimum:    100
  Insecure Skip TLS Verify:  true
  Service:
    Name:            metrics-server
    Namespace:       kube-system
    Port:            443
  Version:           v1beta1
  Version Priority:  100
Status:
  Conditions:
    Last Transition Time:  2021-02-26T07:55:15Z
    Message:               all checks passed
    Reason:                Passed
    Status:                True
    Type:                  Available
Events:                    <none>
6. Run the following commands to check the resource usage of the nodes.
[root@k8s-master manifests]# kubectl top nodes
NAME         CPU(cores)   CPU%   MEMORY(bytes)   MEMORY%
k8s-master   261m         6%     1222Mi          15%
k8s-node1    144m         3%     702Mi           9%
k8s-node2    50m          5%     535Mi           31%
[root@k8s-master manifests]# kubectl top pods
NAME                   CPU(cores)   MEMORY(bytes)
liu-nginx              0m           6Mi
nginx                  0m           4Mi
web-694d958794-52mj9   1m           3Mi
web-694d958794-dmpv8   1m           3Mi
web-694d958794-tv6nc   1m           5Mi