首页 > 其他分享 >部署 metrics-server

部署 metrics-server

时间:2023-01-30 15:31:26浏览次数:46  
标签:kubernetes etc 部署 server metrics -- client pki



安装 metrics-server

通过 kubeadm 安装的 k8s 集群默认是没有安装 metrics-server,因此需要手工安装。

k8s 版本 v1.22.2
系统 Anolis OS 7.9
内核版本 3.10.0-1160.an7.x86_64
docker 版本 20.10.21
ingress-nginx 版本 v1.4.0

修改 api server
先检查 k8s 集群的 api server 是否有启用API Aggregator:

[root@k8s01 ~]# ps -ef | grep apiserver
root 4350 32424 0 14:27 pts/4 00:00:00 grep --color=auto apiserver
root 22557 22536 8 2022 ? 2-18:00:06 kube-apiserver --advertise-address=172.168.150.1 --allow-privileged=true --authorization-mode=Node,RBAC --client-ca-file=/etc/kubernetes/pki/ca.crt --enable-admission-plugins=NodeRestriction --enable-bootstrap-token-auth=true --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key --etcd-servers=https://127.0.0.1:2379 --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key --requestheader-allowed-names=front-proxy-client --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt --requestheader-extra-headers-prefix=X-Remote-Extra- --requestheader-group-headers=X-Remote-Group --requestheader-username-headers=X-Remote-User --secure-port=6443 --service-account-issuer=https://kubernetes.default.svc.cluster.local --service-account-key-file=/etc/kubernetes/pki/sa.pub --service-account-signing-key-file=/etc/kubernetes/pki/sa.key --service-cluster-ip-range=10.96.0.0/12 --tls-cert-file=/etc/kubernetes/pki/apiserver.crt --tls-private-key-file=/etc/kubernetes/pki/apiserver.key

对比:

[root@k8s01 ~]# ps -ef | grep apiserver | grep enable-aggregator-routing

默认是没有开启的。因此需要修改 k8s apiserver 的配置文件:

[root@k8s01 ~]# vim /etc/kubernetes/manifests/kube-apiserver.yaml

增加 --enable-aggregator-routing=true

apiVersion: v1
kind: Pod
......
spec:
containers:
- command:
- kube-apiserver
......
- --enable-bootstrap-token-auth=true
- --enable-aggregator-routing=true # 增加这行


api server 会自动重启,稍后用命令验证一下:

[root@k8s01 ~]# ps -ef | grep apiserver | grep enable-aggregator-routing
root 7577 7558 14 14:31 ? 00:00:15 kube-apiserver --advertise-address=172.168.150.1 --allow-privileged=true --authorization-mode=Node,RBAC --client-ca-file=/etc/kubernetes/pki/ca.crt --enable-admission-plugins=NodeRestriction --enable-bootstrap-token-auth=true --enable-aggregator-routing=true --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key --etcd-servers=https://127.0.0.1:2379 --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key --requestheader-allowed-names=front-proxy-client --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt --requestheader-extra-headers-prefix=X-Remote-Extra- --requestheader-group-headers=X-Remote-Group --requestheader-username-headers=X-Remote-User --secure-port=6443 --service-account-issuer=https://kubernetes.default.svc.cluster.local --service-account-key-file=/etc/kubernetes/pki/sa.pub --service-account-signing-key-file=/etc/kubernetes/pki/sa.key --service-cluster-ip-range=10.96.0.0/12 --tls-cert-file=/etc/kubernetes/pki/apiserver.crt --tls-private-key-file=/etc/kubernetes/pki/apiserver.key


下载并修改安装文件
先下载安装文件,直接用最新版本:
[root@k8s01 yaml]# wget https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml

如果要安装指定版本,请查看 https://github.com/kubernetes-sigs/metrics-server/releases/ 页面。

修改下载下来的 components.yaml, 增加 --kubelet-insecure-tls 并修改 --kubelet-preferred-address-types:

template:
metadata:
labels:
k8s-app: metrics-server
spec:
containers:
- args:
- --cert-dir=/tmp
- --secure-port=4443
- --kubelet-preferred-address-types=InternalIP # 修改这行,默认是InternalIP,ExternalIP,Hostname
- --kubelet-use-node-status-port
- --metric-resolution=15s
- --kubelet-insecure-tls # 增加这行

[root@k8s01 yaml]# kubectl apply -f components.yaml
serviceaccount/metrics-server created
clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader created
clusterrole.rbac.authorization.k8s.io/system:metrics-server created
rolebinding.rbac.authorization.k8s.io/metrics-server-auth-reader created
clusterrolebinding.rbac.authorization.k8s.io/metrics-server:system:auth-delegator created
clusterrolebinding.rbac.authorization.k8s.io/system:metrics-server created
service/metrics-server created
deployment.apps/metrics-server created
apiservice.apiregistration.k8s.io/v1beta1.metrics.k8s.io created

稍等片刻看是否启动:
[root@k8s01 yaml]# kubectl get pod -n kube-system | grep metrics-server

[root@k8s01 yaml]# kubectl get pod -n kube-system | grep metrics-server
metrics-server-6bdf677949-dpscp 0/1 ImagePullBackOff 0 30s

查看日志
kubectl describe pod metrics-server-6bdf677949-dpscp -n kube-system

Failed to pull image "k8s.gcr.io/metrics-server/metrics-server:v0.6.2"
修改镜像地址
image: registry.aliyuncs.com/google_containers/metrics-server:v0.6.2


[root@k8s01 yaml]# kubectl delete -f components.yaml
[root@k8s01 yaml]# kubectl apply -f components.yaml

重新稍等片刻看是否启动:
[root@k8s01 yaml]# kubectl get pod -n kube-system | grep metrics-server
metrics-server-787dd9d855-m8c7q 1/1 Running 0 93s

验证一下,查看 service 信息

[root@k8s01 yaml]# kubectl describe svc metrics-server -n kube-system
Name: metrics-server
Namespace: kube-system
Labels: k8s-app=metrics-server
Annotations: <none>
Selector: k8s-app=metrics-server
Type: ClusterIP
IP Family Policy: SingleStack
IP Families: IPv4
IP: 10.110.109.41
IPs: 10.110.109.41
Port: https 443/TCP
TargetPort: https/TCP
Endpoints: 10.244.209.30:4443
Session Affinity: None
Events: <none>

# ping 一下这个 IP 地址 10.244.209.30
[root@k8s01 yaml]# ping 10.244.209.30
PING 10.244.209.30 (10.244.209.30) 56(84) bytes of data.
64 bytes from 10.244.209.30: icmp_seq=1 ttl=63 time=0.338 ms
64 bytes from 10.244.209.30: icmp_seq=2 ttl=63 time=0.294 ms


简单验证一下基本使用。
[root@k8s01 yaml]# kubectl top nodes
NAME CPU(cores) CPU% MEMORY(bytes) MEMORY%
k8s01.fengyue.com 226m 5% 2927Mi 37%
k8s02.fengyue.com 121m 3% 2359Mi 30%
k8s03.fengyue.com 96m 2% 2639Mi 34%
k8s04.fengyue.com 107m 2% 1721Mi 22%
k8s05.fengyue.com 92m 2% 3787Mi 49%

[root@k8s01 yaml]# kubectl top pods -n kube-system
NAME CPU(cores) MEMORY(bytes)
calico-kube-controllers-846d7f49d8-5ndh5 4m 52Mi
calico-node-6zslk 25m 138Mi
calico-node-l9xgd 25m 151Mi
calico-node-mdwwz 25m 140Mi
calico-node-mkw6x 24m 109Mi
calico-node-xvntv 27m 144Mi
coredns-7f6cbbb7b8-29jnv 2m 16Mi
coredns-7f6cbbb7b8-c86hc 2m 16Mi
etcd-k8s01.fengyue.com 23m 333Mi
kube-apiserver-k8s01.fengyue.com 77m 347Mi
kube-controller-manager-k8s01.fengyue.com 19m 49Mi
kube-proxy-2lq92 1m 15Mi
kube-proxy-7h27b 1m 16Mi
kube-proxy-7w6rh 1m 16Mi
kube-proxy-gmhqs 1m 25Mi
kube-proxy-w4q6p 1m 16Mi
kube-scheduler-k8s01.fengyue.com 5m 17Mi
metrics-server-787dd9d855-m8c7q 4m 14Mi

标签:kubernetes,etc,部署,server,metrics,--,client,pki
From: https://blog.51cto.com/nowsafe/6026448

相关文章

  • SQL Server 安装、配置、迁移 二
    本篇博客记录网络配置。本机IP地址:10.15.66.169打开配置界面,如图所示设置TCP/IP为Enabled。双击TCP/IP,出现TCP/IPProperties窗口。选择一个指向本......
  • identityserver4 客户claims里没有用户姓名的问题
    客户端代码JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();services.AddAuthentication(options=>{options.DefaultSch......
  • 前后端部署2【reggie_take_out】
    1使用课程资料中的后端项目静态资源(nginx单独server端口部署)课程资料只提供了后台前端打包资源,没有前台前端的打包http://123.249.83.224:8001#usernobody;......
  • 15.1 SQL Server创建LOGIN(登录)
    SQLServer创建LOGIN(登录)目录SQLServer创建LOGIN(登录)简介示例SQLServerCREATELOGIN语句更多选项CHECK_POLICY选项CHECK_EXPIRATION选项MUST_CHANGE选项从Windows域帐......
  • 部署docker
    #安装docker#参考文档如下#https://docs.docker.com/install/linux/docker-ce/centos/#https://docs.docker.com/install/linux/linux-postinstall/#系统版本CentOS......
  • 部署tomcat
    部署tomcat https://tomcat.apache.org/download-90.cgi   直接解压即完成安装;然后通过window的浏览器去访问,注意一下把8080端口的防火墙要开放;< 防火墙开......
  • 二手MicroServer Gen8折腾记
    上个月冲动消费,入手了一台HPEProLiantMicroServerGen8。其实我早想搞一台正经的服务器来玩了,因为群晖的魔改Linux总是玩的不那么爽。现在心愿实现,开始折腾。重置iLO到......
  • k8s集群不可用:The connection to the server 192.168.117.161:6443 was refused -
    虚拟机非正常关机后,k8s集群不可用获取节点,报如下错,kubectlgetnode 查看env:env|grep-ikubernetes 查看docker状态:systemctlstatusdocker 查看kubelet状态:systemct......
  • Windows server 2012 安装ad域
    Windowsserver2012安装ad域 安装ad域(activedirectory)服务的作用:存储目录数据并管理域之间的通信,包括用户登录处理,身份验证和目录搜索等。 1.使用administrator......
  • SQL Server 安装 一
    平时很少涉及数据库相关的任务,每当要使用时,就搜索查找,用后就忘。这次决定把相关过程记录下来,供自己参考。先下载两个软件:SQL2017Express(数据库)和SQLServerManagemen......