kubernetes集羣二進制部署metrics-server

之前搭建了k8s1.15的集羣，現在因爲要監測各node、pod的資源使用率，現在要進行metrics-server的二進制部署。我現在的metrics-server部署都是基於之前的k8s集羣部署的目錄進行的，你可以參考我之前的文章。k8s集羣二進制部署

一、創建metrics-server使用的證書

# cd /data/ssl_config/kubernetes/
# gedit metrics-server-csr.json
{
  "CN": "aggregator",
  "hosts": [],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "BeiJing",
      "L": "BeiJing",
      "O": "k8s",
      "OU": "System"
    }
  ]
}

生成證書
#   cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes metrics-server-csr.json | cfssljson -bare metrics-server

將生成的證書拷貝至master，slave1，slave2
#  cp metrics-server*.pem  /cloud/k8s/kubernetes/ssl
#  scp metrics-server*.pem  slave1:/cloud/k8s/kubernetes/ssl
#  scp metrics-server*.pem  slave2:/cloud/k8s/kubernetes/ssl

二、修改kube-apiserver，kube-controller-manager配置文件

kube-apiserver(我的在/cloud/k8s/kubernetes/cfg/kube-apiserver)

--requestheader-client-ca-file=/cloud/k8s/kubernetes/ssl/ca.pem \
--requestheader-allowed-names=aggregator \
--requestheader-extra-headers-prefix=X-Remote-Extra- \
--requestheader-group-headers=X-Remote-Group \
--requestheader-username-headers=X-Remote-User \
--proxy-client-cert-file=/cloud/k8s/kubernetes/ssl/metrics-server.pem \
--proxy-client-key-file=/cloud/k8s/kubernetes/ssl/metrics-server-key.pem \
--runtime-config=api/all=true"

重啓：
# systemctl daemon-reload
# systemctl enable kube-apiserver
# systemctl restart kube-apiserver

–requestheader-XXX、–proxy-client-XXX 是 kube-apiserver 的 aggregator layer 相關的配置參數，metrics-server & HPA 需要使用；
–requestheader-client-ca-file：用於簽名 --proxy-client-cert-file 和 --proxy-client-key-file 指定的證書；在啓用了 metric aggregator 時使用；
如果 kube-apiserver 機器沒有運行 kube-proxy，則還需要添加 --enable-aggregator-routing=true 參數

kube-controller-manager(我的在/cloud/k8s/kubernetes/cfg/kube-controller-manager)

添加如下配置參數

--horizontal-pod-autoscaler-use-rest-clients=true

重啓

# systemctl daemon-reload
# systemctl enable kube-controller-manager
# systemctl restart kube-controller-manager

三、修改插件配置文件
軟件包，下載metrics-server的就好，提取碼： k5ec

解壓之後，進入
#  cd metrics-server/deploy/1.8+
#  gedit  metrics-server-deployment.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: metrics-server
  namespace: kube-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: metrics-server
  namespace: kube-system
  labels:
    k8s-app: metrics-server
spec:
  selector:
    matchLabels:
      k8s-app: metrics-server
  template:
    metadata:
      name: metrics-server
      labels:
        k8s-app: metrics-server
    spec:
      serviceAccountName: metrics-server
      volumes:
      # mount in tmp so we can safely use from-scratch images and/or read-only containers
      - name: tmp-dir
        emptyDir: {}
      containers:
      - name: metrics-server
        image: mirrorgooglecontainers/metrics-server-amd64:v0.3.6
        imagePullPolicy: IfNotPresent
        command:
        - /metrics-server
        - --kubelet-insecure-tls
        - --kubelet-preferred-address-types=InternalIP
        volumeMounts:
        - name: tmp-dir
          mountPath: /tmp

修改image，command，imagePullPolicy三項

四、開始部署

# cd metrics-server/deploy/1.8+
# kubectl apply -f .
# kubectl get pods -n kube-system | grep metrics

驗證是否成功

# kubectl top nodes
NAME     CPU(cores)   CPU%   MEMORY(bytes)   MEMORY%   
master   146m         7%     1336Mi          77%       
slave1   80m          4%     1113Mi          64%       
slave2   122m         6%     1206Mi          70%  

# kubectl top pods 
NAME             CPU(cores)   MEMORY(bytes)   
kubia-5q27x      0m           1Mi             
kubia-6p8gh      0m           3Mi             
kubia-7znz2      0m           3Mi             
kubia-liveness   0m           0Mi   

參考

大功告成！！！！