之前搭建了k8s1.15的集羣,現在因爲要監測各node、pod的資源使用率,現在要進行metrics-server的二進制部署。我現在的metrics-server部署都是基於之前的k8s集羣部署的目錄進行的,你可以參考我之前的文章。k8s集羣二進制部署
一、創建metrics-server使用的證書
# cd /data/ssl_config/kubernetes/
# gedit metrics-server-csr.json
{
"CN": "aggregator",
"hosts": [],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "BeiJing",
"L": "BeiJing",
"O": "k8s",
"OU": "System"
}
]
}
生成證書
# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes metrics-server-csr.json | cfssljson -bare metrics-server
將生成的證書拷貝至master,slave1,slave2
# cp metrics-server*.pem /cloud/k8s/kubernetes/ssl
# scp metrics-server*.pem slave1:/cloud/k8s/kubernetes/ssl
# scp metrics-server*.pem slave2:/cloud/k8s/kubernetes/ssl
二、修改kube-apiserver,kube-controller-manager配置文件
kube-apiserver(我的在/cloud/k8s/kubernetes/cfg/kube-apiserver)
--requestheader-client-ca-file=/cloud/k8s/kubernetes/ssl/ca.pem \
--requestheader-allowed-names=aggregator \
--requestheader-extra-headers-prefix=X-Remote-Extra- \
--requestheader-group-headers=X-Remote-Group \
--requestheader-username-headers=X-Remote-User \
--proxy-client-cert-file=/cloud/k8s/kubernetes/ssl/metrics-server.pem \
--proxy-client-key-file=/cloud/k8s/kubernetes/ssl/metrics-server-key.pem \
--runtime-config=api/all=true"
重啓:
# systemctl daemon-reload
# systemctl enable kube-apiserver
# systemctl restart kube-apiserver
–requestheader-XXX、–proxy-client-XXX 是 kube-apiserver 的 aggregator layer 相關的配置參數,metrics-server & HPA 需要使用;
–requestheader-client-ca-file:用於簽名 --proxy-client-cert-file 和 --proxy-client-key-file 指定的證書;在啓用了 metric aggregator 時使用;
如果 kube-apiserver 機器沒有運行 kube-proxy,則還需要添加 --enable-aggregator-routing=true 參數
kube-controller-manager(我的在/cloud/k8s/kubernetes/cfg/kube-controller-manager)
添加如下配置參數
--horizontal-pod-autoscaler-use-rest-clients=true
重啓
# systemctl daemon-reload
# systemctl enable kube-controller-manager
# systemctl restart kube-controller-manager
三、修改插件配置文件
軟件包,下載metrics-server的就好,提取碼: k5ec
解壓之後,進入
# cd metrics-server/deploy/1.8+
# gedit metrics-server-deployment.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: metrics-server
namespace: kube-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: metrics-server
namespace: kube-system
labels:
k8s-app: metrics-server
spec:
selector:
matchLabels:
k8s-app: metrics-server
template:
metadata:
name: metrics-server
labels:
k8s-app: metrics-server
spec:
serviceAccountName: metrics-server
volumes:
# mount in tmp so we can safely use from-scratch images and/or read-only containers
- name: tmp-dir
emptyDir: {}
containers:
- name: metrics-server
image: mirrorgooglecontainers/metrics-server-amd64:v0.3.6
imagePullPolicy: IfNotPresent
command:
- /metrics-server
- --kubelet-insecure-tls
- --kubelet-preferred-address-types=InternalIP
volumeMounts:
- name: tmp-dir
mountPath: /tmp
修改image,command,imagePullPolicy三項
四、開始部署
# cd metrics-server/deploy/1.8+
# kubectl apply -f .
# kubectl get pods -n kube-system | grep metrics
驗證是否成功
# kubectl top nodes
NAME CPU(cores) CPU% MEMORY(bytes) MEMORY%
master 146m 7% 1336Mi 77%
slave1 80m 4% 1113Mi 64%
slave2 122m 6% 1206Mi 70%
# kubectl top pods
NAME CPU(cores) MEMORY(bytes)
kubia-5q27x 0m 1Mi
kubia-6p8gh 0m 3Mi
kubia-7znz2 0m 3Mi
kubia-liveness 0m 0Mi
大功告成!!!!