suse 12 二进制部署 Kubernetets 1.19.7 - 第13章 - 部署metrics-server插件

简介: suse 12 二进制部署 Kubernetets 1.19.7 - 第13章 - 部署metrics-server插件

metrics-server用于监测node,pod等的CPU,内存使用情况(hpa弹性伸缩依赖metrics-server插件)

1.13.0、创建metrics-server证书和私钥

k8s-01:~ # cd /opt/k8s/ssl/
k8s-01:/opt/k8s/ssl # source /opt/k8s/bin/k8s-env.sh
k8s-01:/opt/k8s/ssl # cat > metrics-server-csr.json <<EOF
{
  "CN": "aggregator",
  "hosts": [
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "ShangHai",
      "L": "ShangHai",
      "O": "k8s",
      "OU": "bandian"
    }
  ]
}
EOF

1.13.1、生成metrics-server证书和私钥

k8s-01:/opt/k8s/ssl # cfssl gencert -ca=/opt/k8s/ssl/ca.pem \
-ca-key=/opt/k8s/ssl/ca-key.pem \
-config=/opt/k8s/ssl/ca-config.json \
-profile=kubernetes metrics-server-csr.json | cfssljson -bare metrics-server

1.13.2、开启kube-apiserver聚合配置

  • 在kube-apiserver.service文件里面,增加如下内容,用来开启聚合(此操作,后面需要重启kube-apiserver组件,建议在部署kube-apiserver的时候,就开启聚合)
--proxy-client-cert-file=/etc/kubernetes/cert/metrics-server.pem \\
--proxy-client-key-file=/etc/kubernetes/cert/metrics-server-key.pem \\
--requestheader-client-ca-file=/etc/kubernetes/cert/ca.pem \\
--requestheader-allowed-names=aggregator \\
--requestheader-extra-headers-prefix="X-Remote-Extra-" \\
--requestheader-group-headers=X-Remote-Group \\
--requestheader-username-headers=X-Remote-User
  • 为了方便,就重新创建kube-apiserver.service文件了(注意自己kube-apiserver的service文件,别直接复制黏贴我的配置文件)
k8s-01:~ # cd /opt/k8s/conf/
k8s-01:/opt/k8s/conf # cat > kube-apiserver.service.template <<EOF
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target
[Service]
WorkingDirectory=${K8S_DIR}/kube-apiserver
ExecStart=/opt/k8s/bin/kube-apiserver \\
  --v=2 \\
  --advertise-address=##NODE_IP## \\
  --secure-port=6443 \\
  --bind-address=##NODE_IP## \\
  --etcd-servers=${ETCD_ENDPOINTS} \\
  --allow-privileged=true \\
  --service-cluster-ip-range=${SERVICE_CIDR} \\
  --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota,NodeRestriction \\
  --authorization-mode=RBAC,Node \\
  --enable-bootstrap-token-auth=true \\
  --token-auth-file=/etc/kubernetes/cert/token.csv \\
  --service-node-port-range=${NODE_PORT_RANGE} \\
  --kubelet-client-certificate=/etc/kubernetes/cert/kubernetes.pem \\
  --kubelet-client-key=/etc/kubernetes/cert/kubernetes-key.pem \\
  --tls-cert-file=/etc/kubernetes/cert/kubernetes.pem \\
  --tls-private-key-file=/etc/kubernetes/cert/kubernetes-key.pem \\
  --client-ca-file=/etc/kubernetes/cert/ca.pem \\
  --service-account-key-file=/etc/kubernetes/cert/ca.pem \\
  --etcd-cafile=/etc/kubernetes/cert/ca.pem \\
  --etcd-certfile=/etc/kubernetes/cert/kubernetes.pem \\
  --etcd-keyfile=/etc/kubernetes/cert/kubernetes-key.pem \\
  --audit-log-maxage=15 \\
  --audit-log-maxbackup=3 \\
  --audit-log-maxsize=100 \\
  --audit-log-truncate-enabled \\
  --audit-log-path=${K8S_DIR}/kube-apiserver/audit.log \\
  --proxy-client-cert-file=/etc/kubernetes/cert/metrics-server.pem \\
  --proxy-client-key-file=/etc/kubernetes/cert/metrics-server-key.pem \\
  --requestheader-client-ca-file=/etc/kubernetes/cert/ca.pem \\
  --requestheader-allowed-names=aggregator \\
  --requestheader-extra-headers-prefix="X-Remote-Extra-" \\
  --requestheader-group-headers=X-Remote-Group \\
  --requestheader-username-headers=X-Remote-User
Restart=on-failure
RestartSec=10
Type=notify
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
EOF

1.13.3、分发配置文件和秘钥到其他节点

#!/usr/bin/env bash
source /opt/k8s/bin/k8s-env.sh
# 替换模板文件
for (( i=0; i < 3; i++ ))
do
    sed -e "s/##NODE_IP##/${MASTER_IPS[i]}/" /opt/k8s/conf/kube-apiserver.service.template > \
           /opt/k8s/conf/kube-apiserver-${MASTER_IPS[i]}.service
done
for host in ${MASTER_IPS[@]}
do
    printf "\e[1;34m${host}\e[0m\n"
    scp /opt/k8s/ssl/metrics-server*.pem ${host}:/etc/kubernetes/cert/
    scp /opt/k8s/conf/kube-apiserver-${host}.service ${host}:/etc/systemd/system/kube-apiserver.service
done

1.13.4、重启所有的kube-apiserver组件

#!/usr/bin/env bash
source /opt/k8s/bin/k8s-env.sh
for host in ${MASTER_IPS[@]}
do
    printf "\e[1;34m${host}\e[0m\n"
    ssh root@${host} "systemctl daemon-reload && \
                      systemctl restart kube-apiserver && \
                      systemctl status kube-apiserver | grep Active"
done

1.13.5、下载yaml文件

k8s-01:~ # wget https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.3.6/components.yaml

1.13.6、配置yaml文件

  • 由于github上面拉取的yaml当中,有许多内容需要修改,因此,下面将修改好的yaml文件放上来了,可以直接使用
k8s-01:~ # vim components.yaml
---
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: system:aggregated-metrics-reader
  labels:
    rbac.authorization.k8s.io/aggregate-to-view: "true"
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
- apiGroups: ["metrics.k8s.io"]
  resources: ["pods", "nodes"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: metrics-server:system:auth-delegator
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:auth-delegator
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: metrics-server-auth-reader
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
---
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
  name: v1beta1.metrics.k8s.io
spec:
  service:
    name: metrics-server
    namespace: kube-system
  group: metrics.k8s.io
  version: v1beta1
  insecureSkipTLSVerify: true
  groupPriorityMinimum: 100
  versionPriority: 100
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: metrics-server
  namespace: kube-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: metrics-server
  namespace: kube-system
  labels:
    k8s-app: metrics-server
spec:
  selector:
    matchLabels:
      k8s-app: metrics-server
  template:
    metadata:
      name: metrics-server
      labels:
        k8s-app: metrics-server
    spec:
      serviceAccountName: metrics-server
      volumes:
      # mount in tmp so we can safely use from-scratch images and/or read-only containers
      - name: tmp-dir
        emptyDir: {}
      containers:
      - name: metrics-server
        image: registry.cn-hangzhou.aliyuncs.com/google_containers/metrics-server-amd64:v0.3.6
        imagePullPolicy: IfNotPresent
        args:
          - --cert-dir=/tmp
          - --secure-port=4443
          - --kubelet-insecure-tls
          - --kubelet-preferred-address-types=InternalIP,Hostname,InternalDNS,ExternalDNS,ExternalIP
        ports:
        - name: main-port
          containerPort: 4443
          protocol: TCP
        securityContext:
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          runAsUser: 1000
        volumeMounts:
        - name: tmp-dir
          mountPath: /tmp
      nodeSelector:
        kubernetes.io/os: linux
        kubernetes.io/arch: "amd64"
---
apiVersion: v1
kind: Service
metadata:
  name: metrics-server
  namespace: kube-system
  labels:
    kubernetes.io/name: "Metrics-server"
    kubernetes.io/cluster-service: "true"
spec:
  selector:
    k8s-app: metrics-server
  ports:
  - port: 443
    protocol: TCP
    targetPort: main-port
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: system:metrics-server
rules:
- apiGroups:
  - ""
  resources:
  - pods
  - nodes
  - nodes/stats
  - namespaces
  - configmaps
  verbs:
  - get
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: system:metrics-server
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:metrics-server
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
k8s-01:~ # kubectl apply -f components.yaml

1.13.7、验证metrics-server功能

  • metrics-server启动会比较慢,耐心等待1-3分钟,出现如下效果,则成功
  • 若没有出现,则使用 kubectl logs -n kube-system metrics-server-xxxx 查看日志
k8s-01:~ # kubectl top node
NAME            CPU(cores)   CPU%   MEMORY(bytes)   MEMORY%
192.168.72.55   129m         6%     2232Mi          58%
192.168.72.56   119m         5%     1555Mi          40%
192.168.72.57   114m         5%     1425Mi          37%
192.168.72.58   31m          1%     711Mi           18%
192.168.72.59   28m          1%     733Mi           19%
k8s-01:~ # kubectl top pod -A
NAMESPACE     NAME                              CPU(cores)   MEMORY(bytes)
kube-system   coredns-689d7d9f49-s2qjn          2m           13Mi
kube-system   coredns-689d7d9f49-vc9k4          3m           17Mi
kube-system   metrics-server-666566b66d-jfl7v   2m           12Mi


相关实践学习
容器服务Serverless版ACK Serverless 快速入门:在线魔方应用部署和监控
通过本实验,您将了解到容器服务Serverless版ACK Serverless 的基本产品能力,即可以实现快速部署一个在线魔方应用,并借助阿里云容器服务成熟的产品生态,实现在线应用的企业级监控,提升应用稳定性。
云原生实践公开课
课程大纲 开篇:如何学习并实践云原生技术 基础篇: 5 步上手 Kubernetes 进阶篇:生产环境下的 K8s 实践 相关的阿里云产品:容器服务&nbsp;ACK 容器服务&nbsp;Kubernetes&nbsp;版(简称&nbsp;ACK)提供高性能可伸缩的容器应用管理能力,支持企业级容器化应用的全生命周期管理。整合阿里云虚拟化、存储、网络和安全能力,打造云端最佳容器化应用运行环境。 了解产品详情:&nbsp;https://www.aliyun.com/product/kubernetes
目录
相关文章
|
6月前
|
Linux Perl
suse 12 二进制部署 Kubernetets 1.19.7 - 第12章 - 部署dashboard插件
suse 12 二进制部署 Kubernetets 1.19.7 - 第12章 - 部署dashboard插件
23 0
|
6月前
|
Kubernetes 应用服务中间件 Linux
suse 12 二进制部署 Kubernetets 1.19.7 - 第05章 - 部署kube-nginx
suse 12 二进制部署 Kubernetets 1.19.7 - 第05章 - 部署kube-nginx
32 0
|
5月前
|
时序数据库
InfluxData【部署 02】时序数据库 InfluxDB 客户端工具 Influx CLI 最新版本安装启动验证(在线安装+离线安装+各版本下载地址)
InfluxData【部署 02】时序数据库 InfluxDB 客户端工具 Influx CLI 最新版本安装启动验证(在线安装+离线安装+各版本下载地址)
185 0
|
6月前
|
前端开发 Linux 容器
suse 12 二进制部署 Kubernetets 1.19.7 - 第07章 - 部署kube-controller-manager组件
suse 12 二进制部署 Kubernetets 1.19.7 - 第07章 - 部署kube-controller-manager组件
21 0
|
5月前
|
存储 运维 Kubernetes
kubesphere安装部署附带Metrics server的安装
kubesphere安装部署附带Metrics server的安装
35 0
|
6月前
|
负载均衡 Linux
suse 12 二进制部署 Kubernetets 1.19.7 - 第10章 - 部署kube-proxy组件
suse 12 二进制部署 Kubernetets 1.19.7 - 第10章 - 部署kube-proxy组件
26 0
|
6月前
|
Kubernetes 前端开发 安全
suse 12 二进制部署 Kubernetets 1.19.7 - 第09章 - 部署kubelet组件
suse 12 二进制部署 Kubernetets 1.19.7 - 第09章 - 部署kubelet组件
27 0
|
6月前
|
Linux
suse 12 二进制部署 Kubernetets 1.19.7 - 第11章 - 部署coredns组件
suse 12 二进制部署 Kubernetets 1.19.7 - 第11章 - 部署coredns组件
41 0
|
6月前
|
Linux API Docker
suse 12 二进制部署 Kubernetets 1.19.7 - 第03章 - 部署flannel插件
suse 12 二进制部署 Kubernetets 1.19.7 - 第03章 - 部署flannel插件
32 0
|
6月前
|
存储 Kubernetes 固态存储
suse 12 二进制部署 Kubernetets 1.19.7 - 第02章 - 部署etcd集群
suse 12 二进制部署 Kubernetets 1.19.7 - 第02章 - 部署etcd集群
40 0