系統環境:
- Kubernetes 版本:1.18.2
- Metrics Server 版本:0.3.6
示例部署文件地址:
一、Metrics Server 簡介
介紹 Metrics Server 前首先介紹下 Heapster,該工具是用於 Kubernetes 集羣監控和性能分析工具,可以收集節點上的指標數據,例如,節點的 CPU、Memory、Network 和 Disk 的 Metric 數據。不過在 Kubernetes V1.11 版本後將被逐漸廢棄。而 Metrics Server 正是 Heapster 的代替者。
Metrics Server 是 Kubernetes 集羣核心監控數據的聚合器,可以通過 Metrics API 的形式獲取 Metrics 數據,不過僅僅是獲取指標的最新值,不對舊值進行存儲,且不負責將指標轉發到第三方目標。Metrics Server 還可以與 Kubectl 工具結合使用,提供 kubectl top 命令來展示集羣中的指標數據,接下來我們開始部署 Metrics Server。
二、部署應用權限 RBAC 資源
Kubernetes 部署 Metrics Server 前需要先提前部署 RBAC 相關配置,這樣 Metrics Server 纔能有足夠的權限獲取系統組件的信息。
準備相關的鏡像
[root@node1 ~]# docker pull registry.aliyuncs.com/google_containers/metrics-server-amd64:v0.3.6
v0.3.6: Pulling from google_containers/metrics-server-amd64
e8d8785a314f: Pull complete
b2f4b24bed0d: Pull complete
Digest: sha256:c9c4e95068b51d6b33a9dccc61875df07dc650abbf4ac1a19d58b4628f89288b
Status: Downloaded newer image for registry.aliyuncs.com/google_containers/metrics-server-amd64:v0.3.6
registry.aliyuncs.com/google_containers/metrics-server-amd64:v0.3.6
創建 Metrics RBAC 文件
metrics-rbac.yaml
## ServiceAccount
apiVersion: v1
kind: ServiceAccount
metadata:
name: metrics-server
namespace: kube-system
---
## ClusterRole aggregated-metrics-reader
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: system:aggregated-metrics-reader
labels:
rbac.authorization.k8s.io/aggregate-to-view: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
- apiGroups: ["metrics.k8s.io"]
resources: ["pods","nodes"]
verbs: ["get","list","watch"]
---
## ClusterRole metrics-server
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: system:metrics-server
rules:
- apiGroups: [""]
resources: ["pods","nodes","nodes/stats","namespaces","configmaps"]
verbs: ["get","list","watch"]
---
## ClusterRoleBinding auth-delegator
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: metrics-server:system:auth-delegator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:auth-delegator
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
---
## RoleBinding metrics-server-auth-reader
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: metrics-server-auth-reader
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
---
## ClusterRoleBinding system:metrics-server
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: system:metrics-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:metrics-server
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
通過 Kubectl 工具部署 Metrics RBAC
- -n:指定部署應用的 Namespace 命名空間
[root@master metrics]# kubectl apply -f metrics-rbac.yaml -n kube-system
serviceaccount/metrics-server created
clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader created
clusterrole.rbac.authorization.k8s.io/system:metrics-server created
clusterrolebinding.rbac.authorization.k8s.io/metrics-server:system:auth-delegator created
rolebinding.rbac.authorization.k8s.io/metrics-server-auth-reader created
clusterrolebinding.rbac.authorization.k8s.io/system:metrics-server created
三、部署 APIService 資源
設置擴展 API Service 工作於聚合層,允許使用其 API 擴展 Kubernetes apiserver,而這些 API 並不是核心 Kubernetes API 的一部分。這裏部署 APIservice 資源,來提供 Kubernetes Metrics 指標 API 數據。
創建 Metrics APIService 文件
metrics-api-service.yaml
## APIService
apiVersion: apiregistration.k8s.io/v1beta1
kind: APIService
metadata:
name: v1beta1.metrics.k8s.io
spec:
service:
name: metrics-server
namespace: kube-system
group: metrics.k8s.io
version: v1beta1
insecureSkipTLSVerify: true
groupPriorityMinimum: 100
versionPriority: 100
通過 Kubectl 工具部署 Metrics APIService
- -n:指定部署應用的 Namespace 命名空間
[root@master metrics]# kubectl apply -f metrics-api-service.yaml -n kube-system
apiservice.apiregistration.k8s.io/v1beta1.metrics.k8s.io created
四、部署 Metrics Server 應用
創建 Metrics 部署文件
metrics-server-deploy.yaml
## Service
apiVersion: v1
kind: Service
metadata:
name: metrics-server
namespace: kube-system
labels:
kubernetes.io/name: "Metrics-server"
kubernetes.io/cluster-service: "true"
spec:
selector:
k8s-app: metrics-server
ports:
- port: 443
targetPort: 4443
---
## Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: metrics-server
namespace: kube-system
labels:
k8s-app: metrics-server
spec:
selector:
matchLabels:
k8s-app: metrics-server
template:
metadata:
name: metrics-server
labels:
k8s-app: metrics-server
spec:
hostNetwork: true
serviceAccountName: metrics-server
containers:
- name: metrics-server
image: registry.aliyuncs.com/google_containers/metrics-server-amd64:v0.3.6
imagePullPolicy: IfNotPresent
args:
- --cert-dir=/tmp
- --secure-port=4443
- --kubelet-insecure-tls
- --kubelet-preferred-address-types=InternalDNS,InternalIP,ExternalDNS,ExternalIP,Hostname
ports:
- name: main-port
containerPort: 4443
protocol: TCP
securityContext:
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
resources:
limits:
memory: 1Gi
cpu: 1000m
requests:
memory: 1Gi
cpu: 1000m
volumeMounts:
- name: tmp-dir
mountPath: /tmp
- name: localtime
readOnly: true
mountPath: /etc/localtime
volumes:
- name: tmp-dir
emptyDir: {}
- name: localtime
hostPath:
type: File
path: /etc/localtime
nodeSelector:
kubernetes.io/os: linux
kubernetes.io/arch: "amd64"
通過 Kubectl 工具部署 Metrics 應用
- -n:指定部署應用的 Namespace 命名空間
[root@master metrics]# kubectl apply -f metrics-server-deploy.yaml -n kube-system
service/metrics-server created
deployment.apps/metrics-server created
五、進行測試
當部署完 Metrics Server 後,可以通過 kubectl 工具進行測試,默認支持下面命令:
- kubectl top pod: 獲取 Pod 的 CPU、Memory 使用信息。
- kubectl top node: 獲取 Node 的 CPU、Memory 使用信息。
輸入上面命令進行測試,如下:
1、獲取全部節點指標信息
[root@master metrics]# kubectl top node
NAME CPU(cores) CPU% MEMORY(bytes) MEMORY%
master 142m 3% 1144Mi 42%
node1 72m 1% 548Mi 20%
node2 38m 0% 543Mi 20%
2、獲取某個 Namespace Pod 的指標信息
[root@master metrics]# kubectl top pods -n kube-system
NAME CPU(cores) MEMORY(bytes)
coredns-66bff467f8-4hb27 4m 11Mi
coredns-66bff467f8-c8v2k 3m 10Mi
dashboard-metrics-scraper-d5698f9b8-jlsrt 1m 8Mi
etcd-master 21m 32Mi
kube-apiserver-master 47m 335Mi
kube-controller-manager-master 17m 40Mi
kube-flannel-ds-amd64-9lzqb 3m 14Mi
kube-flannel-ds-amd64-bqm9r 3m 16Mi
kube-flannel-ds-amd64-hntqr 2m 14Mi
kube-proxy-46v8f 1m 20Mi
kube-proxy-8mmfn 1m 19Mi
kube-proxy-c5vkx 1m 19Mi
kube-scheduler-master 3m 17Mi
kubernetes-dashboard-5c67c4f589-lgzw5 1m 22Mi
metrics-server-59f947bc97-7r6xx 1m 12Mi
3、獲取某個 Namespace 下某個 Pod 的指標信息
[root@master metrics]# kubectl top pods coredns-66bff467f8-4hb27 -n kube-system
NAME CPU(cores) MEMORY(bytes)
coredns-66bff467f8-4hb27 3m 11Mi
4、獲取全部 Namespace 下的 Pod 的指標信息
[root@master metrics]# kubectl top pods --all-namespaces
NAMESPACE NAME CPU(cores) MEMORY(bytes)
kube-system coredns-66bff467f8-4hb27 3m 11Mi
kube-system coredns-66bff467f8-c8v2k 3m 10Mi
kube-system dashboard-metrics-scraper-d5698f9b8-jlsrt 1m 8Mi
kube-system etcd-master 13m 32Mi
kube-system kube-apiserver-master 46m 289Mi
kube-system kube-controller-manager-master 18m 40Mi
kube-system kube-flannel-ds-amd64-9lzqb 4m 14Mi
kube-system kube-flannel-ds-amd64-bqm9r 3m 16Mi
kube-system kube-flannel-ds-amd64-hntqr 3m 14Mi
kube-system kube-proxy-46v8f 1m 20Mi
kube-system kube-proxy-8mmfn 1m 19Mi
kube-system kube-proxy-c5vkx 1m 19Mi
kube-system kube-scheduler-master 3m 17Mi
kube-system kubernetes-dashboard-5c67c4f589-lgzw5 1m 22Mi
kube-system metrics-server-59f947bc97-7r6xx 1m 13Mi