kubernetes1.13.1部署metrics-server0.3.1

參考文檔

https://kubernetes.io/docs/tasks/debug-application-cluster/core-metrics-pipeline/#metrics-server
https://github.com/kubernetes-incubator/metrics-server/tree/master/deploy/1.8%2B
https://www.cnblogs.com/cuishuai/p/9857120.html
https://juejin.im/post/5b6592ace51d4515b01c11ed

簡介

Metrics Server
heapster 已經被廢棄了，後續版本中會使用 metrics-server代替
Metrics Server is a cluster-wide aggregator of resource usage data. Starting from Kubernetes 1.8 it’s deployed by default in clusters created by kube-up.sh script as a Deployment object. If you use a different Kubernetes setup mechanism you can deploy it using the provided deployment yamls. It’s supported in Kubernetes 1.7+ (see details below).
Metric server collects metrics from the Summary API, exposed by Kubelet on each node.
Metrics Server registered in the main API server through Kubernetes aggregator, which was introduced in Kubernetes 1.7.
Learn more about the metrics server in the design doc.

官網部署方法

git clone https://github.com/kubernetes-incubator/metrics-server
cd metrics-server
kubectl create -f deploy/1.8+/
kubectl -n kube-system get pods -l k8s-app=metrics-server

實際部署步驟

下載部署文件

[root@elasticsearch01 metrics-server]# ls 
aggregated-metrics-reader.yaml  auth-reader.yaml         metrics-server-deployment.yaml  resource-reader.yaml
auth-delegator.yaml             metrics-apiservice.yaml  metrics-server-service.yaml

構建images
可以在github上編寫Dockerfile，再通過阿里雲構建，構建後地址爲registry.cn-beijing.aliyuncs.com/minminmsn/metrics-server:v0.3.1
Dockerfile文件地址：https://github.com/minminmsn/k8s1.13/blob/master/metrics-server/Dockerfile

修改deployment鏡像地址
k8s.gcr.io/metrics-server:v0.3.1改成registry.cn-beijing.aliyuncs.com/minminmsn/metrics-server:v0.3.1
[root@elasticsearch01 metrics-server]# vim metrics-server-deployment.yaml

部署metrices-server

[root@elasticsearch01 metrics-server]# kubectl create -f /k8s/yaml/metrics-server/
clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader created
clusterrolebinding.rbac.authorization.k8s.io/metrics-server:system:auth-delegator created
rolebinding.rbac.authorization.k8s.io/metrics-server-auth-reader created
apiservice.apiregistration.k8s.io/v1beta1.metrics.k8s.io created
serviceaccount/metrics-server created
deployment.extensions/metrics-server created
service/metrics-server created
clusterrole.rbac.authorization.k8s.io/system:metrics-server created
clusterrolebinding.rbac.authorization.k8s.io/system:metrics-server created

報錯

I0109 05:55:43.708300       1 serving.go:273] Generated self-signed cert (apiserver.local.config/certificates/apiserver.crt, apiserver.local.config/certificates/apiserver.key)
Error: cluster doesn't provide requestheader-client-ca-file

排查

https://github.com/kubernetes-incubator/metrics-server/issues/22
https://github.com/kubernetes-incubator/bootkube/issues/994
https://github.com/pires/kubernetes-vagrant-coreos-cluster/pull/319
https://blog.csdn.net/liukuan73/article/details/81352637
https://kubernetes.io/docs/tasks/access-kubernetes-api/configure-aggregation-layer/

解決方法
開啓聚合層，Enable apiserver flags，修改kube-apiserver配置，重啓服務

[root@elasticsearch01 cfg]# tail /k8s/kubernetes/cfg/kube-apiserver
--etcd-cafile=/k8s/etcd/ssl/ca.pem \
--etcd-certfile=/k8s/etcd/ssl/server.pem \
--etcd-keyfile=/k8s/etcd/ssl/server-key.pem \
--requestheader-client-ca-file=/k8s/kubernetes/ssl/ca.pem \
--requestheader-allowed-names=aggregator \
--requestheader-extra-headers-prefix=X-Remote-Extra- \
--requestheader-group-headers=X-Remote-Group \
--requestheader-username-headers=X-Remote-User \
--proxy-client-cert-file=/k8s/kubernetes/ssl/kube-proxy.pem \
--proxy-client-key-file=/k8s/kubernetes/ssl/kube-proxy-key.pem"

[root@elasticsearch01 cfg]# systemctl restart kube-apiserver.service 
[root@elasticsearch01 cfg]# systemctl status kube-apiserver.service 
● kube-apiserver.service - Kubernetes API Server
   Loaded: loaded (/usr/lib/systemd/system/kube-apiserver.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2019-01-09 14:56:59 CST; 8s ago
     Docs: https://github.com/kubernetes/kubernetes
 Main PID: 7465 (kube-apiserver)
   CGroup: /system.slice/kube-apiserver.service
           └─7465 /k8s/kubernetes/bin/kube-apiserver --logtostderr=true --v=4 --etcd-servers=https://10.2.8.44:2379,https://10.2.8...

創建metrics-ingress便於外部訪問

[root@elasticsearch01 ~]# cat /k8s/yaml/metrics-server/metrics-server-ingress.yaml 
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: metrics-ingress
  namespace: kube-system
  annotations:
    nginx.ingress.kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/secure-backends: "true"
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
spec:
  tls:
  - hosts:
    - metrics.minminmsn.com
    secretName: ingress-secret
  rules:
    - host: metrics.minminmsn.com
      http:
        paths:
        - path: /
          backend:
            serviceName: metrics-server
            servicePort: 443
[root@elasticsearch01 metrics-server]# kubectl create -f metrics-server-ingress.yaml 
ingress.extensions/metrics-ingress created

驗證效果

https://metrics.minminmsn.com:47215/metrics