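[K8s Tutorial] Deploying Metrics Server to Collect Cluster Metrics
Metrics Server is a scalable, efficient source of container resource metrics for Kubernetes' built-in autoscaling pipelines.
Metrics Server collects resource metrics from Kubelets and exposes them in the Kubernetes apiserver through the Metrics API, for use by the Horizontal Pod Autoscaler and the Vertical Pod Autoscaler. The Metrics API can also be accessed with kubectl top, which makes it easier to debug autoscaling pipelines.
Metrics Server is not meant for non-autoscaling purposes. For example, do not use it to forward metrics to a monitoring solution, or as a source of metrics for a monitoring solution. In those cases, collect metrics directly from the Kubelet /metrics/resource endpoint.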
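Metrics Server offers:
- A single deployment that works on most clusters
- Fast autoscaling, collecting metrics every 15 seconds.
- Resource efficiency, using 1 millicore of CPU and 2 MB of memory for each node in the cluster.
- Scalable support for clusters of up to 5,000 nodes.
You can use Metrics Server for:
- CPU/memory based horizontal autoscaling
- Automatically adjusting/suggesting the resources needed by containers
Do not use Metrics Server when you need:
- Non-Kubernetes clusters
- An accurate source of resource usage metrics
- Horizontal autoscaling based on resources other than CPU/memory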
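Starting from v0.5.0, Metrics Server comes with default resource requests that should guarantee good performance for most cluster configurations (up to 100 nodes):
- 100m CPU core
- 200MiB memory
Resources can be adjusted proportionally to the number of nodes in the cluster. For clusters of more than 100 nodes, allocate additionally:
- 1m core per node
- 2MiB memory per node
Deploying with kubectl
Deployment manifest: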
# ServiceAccount: metrics-server
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system
---
# ClusterRole: system:aggregated-metrics-reader
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    k8s-app: metrics-server
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
    rbac.authorization.k8s.io/aggregate-to-view: "true"
  name: system:aggregated-metrics-reader
rules:
- apiGroups:
  - metrics.k8s.io
  resources:
  - pods
  - nodes
  verbs:
  - get
  - list
  - watch
---
# ClusterRole: system:metrics-server
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    k8s-app: metrics-server
  name: system:metrics-server
rules:
- apiGroups:
  - ""
  resources:
  - pods
  - nodes
  - nodes/stats
  - namespaces
  - configmaps
  verbs:
  - get
  - list
  - watch
---
# RoleBinding: metrics-server-auth-reader
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server-auth-reader
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
---
# ClusterRoleBinding: metrics-server:system:auth-delegator
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server:system:auth-delegator
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:auth-delegator
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
---
# ClusterRoleBinding: system:metrics-server
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    k8s-app: metrics-server
  name: system:metrics-server
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:metrics-server
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
---
# Service: metrics-server
apiVersion: v1
kind: Service
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system
spec:
  ports:
  - name: https
    port: 443
    protocol: TCP
    targetPort: https
  selector:
    k8s-app: metrics-server
---
# Deployment: metrics-server
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system
spec:
  selector:
    matchLabels:
      k8s-app: metrics-server
  strategy:
    rollingUpdate:
      maxUnavailable: 0
  template:
    metadata:
      labels:
        k8s-app: metrics-server
    spec:
      containers:
      - args:
        - --cert-dir=/tmp
        - --secure-port=443
        - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname ## Priority of node address types used when determining the address for connecting to a particular node
        - --kubelet-use-node-status-port
        - --metric-resolution=15s ## Collect metrics every 15 seconds
        - --kubelet-insecure-tls ## Do not verify the CA of the serving certificates presented by Kubelets; for testing purposes only
        #image: k8s.gcr.io/metrics-server/metrics-server:v0.5.0
        image: registry.cn-hangzhou.aliyuncs.com/varden/metrics-server:v0.5.0
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /livez
            port: https
            scheme: HTTPS
          periodSeconds: 10
        name: metrics-server
        ports:
        - containerPort: 443
          name: https
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /readyz
            port: https
            scheme: HTTPS
          initialDelaySeconds: 20
          periodSeconds: 10
        resources:
          requests:
            cpu: 100m
            memory: 200Mi
          limits:
            cpu: 100m
            memory: 200Mi
        securityContext:
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          runAsUser: 1000
        volumeMounts:
        - mountPath: /tmp
          name: tmp-dir
        - name: localtime
          readOnly: true
          mountPath: /etc/localtime
      nodeSelector:
        kubernetes.io/os: linux
      priorityClassName: system-cluster-critical
      serviceAccountName: metrics-server
      volumes:
      - emptyDir: {}
        name: tmp-dir
      - name: localtime
        hostPath:
          type: File
          path: /etc/localtime
---
# APIService: v1beta1.metrics.k8s.io
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
  labels:
    k8s-app: metrics-server
  name: v1beta1.metrics.k8s.io
spec:
  group: metrics.k8s.io
  groupPriorityMinimum: 100
  insecureSkipTLSVerify: true
  service:
    name: metrics-server
    namespace: kube-system
  version: v1beta1
  versionPriority: 100
Test commands:
kubectl top node --use-protocol-buffers
kubectl top pods -A --use-protocol-buffers
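The manifest above turns off TLS verification in two places: --kubelet-insecure-tls on the Deployment and insecureSkipTLSVerify: true on the APIService. The following check is an added example, not part of the original tutorial or the metrics-server project; it reports both settings per object before a manifest is promoted beyond a test cluster, and assumes 2-space indented YAML with metadata.name ahead of any other name key. The function names and the sample manifest are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: report where a metrics-server manifest disables TLS
# verification. Each finding is printed as "KIND/NAME: reason".
audit_manifest() {
  awk '
    /^---[ \t]*$/            { kind = ""; name = ""; next }   # next YAML document
    /^kind:/                 { kind = $2 }                    # top-level kind only
    /^  name:/ && name == "" { name = $2 }                    # metadata.name
    { line = $0; sub(/[ \t]+#.*$/, "", line) }                # strip trailing comment
    line ~ /^#/ { next }                                      # whole-line comment
    line ~ /--kubelet-insecure-tls([ \t]|=true|$)/ {
      print kind "/" name ": kubelet serving certificate is not verified"
    }
    line ~ /insecureSkipTLSVerify:[ \t]*true/ {
      print kind "/" name ": metrics-server certificate is not verified by the apiserver"
    }
  ' "$1"
}

# Constructed sample: the two relevant objects, reduced to the lines that matter.
sample_manifest() {
  cat <<'EOF'
apiVersion: apps/v1
kind: Deployment
metadata:
  name: metrics-server
  namespace: kube-system
spec:
  template:
    spec:
      containers:
      - args:
        - --cert-dir=/tmp
        - --kubelet-insecure-tls ## test only
---
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
  name: v1beta1.metrics.k8s.io
spec:
  insecureSkipTLSVerify: true
EOF
}

tmp=$(mktemp)
sample_manifest > "$tmp"
audit_manifest "$tmp"
rm -f "$tmp"
```

A clean result requires passing the kubelet CA with --kubelet-certificate-authority in place of --kubelet-insecure-tls, and setting caBundle on the APIService in place of insecureSkipTLSVerify: true, with metrics-server serving a certificate issued by that CA.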
Deploying with Helm
Reference: https://github.com/bitnami/charts/tree/master/bitnami/metrics-server