环境
Mac 系统里 docker-desktop上运行的 Kubernetes v1.19.3 上启动Metrics Server
场景
资源使用指标,例如容器 CPU 和内存使用率,可通过 Metrics API 在 Kubernetes 中获得。 这些指标可以直接被用户访问,比如使用 kubectl top 命令行,或者被集群中的控制器 (例如 Horizontal Pod Autoscalers) 使用来做决策。
Metrics API
通过 Metrics API,你可以获得指定节点或 Pod 当前使用的资源量。 此 API 不存储指标值,因此想要获取某个指定节点 10 分钟前的 资源使用量是不可能的。
此 API 与其他 API 没有区别:
- 此 API 和其它 Kubernetes API 一起位于同一端点(endpoint)之下且可发现, 路径为 /apis/metrics.k8s.io/
- 它具有相同的安全性、可扩展性和可靠性保证 Metrics API 在 k8s.io/metrics 仓库中定义。你可以在那里找到有关 Metrics API 的更多信息。
说明: Metrics API 需要在集群中部署 Metrics Server。否则它将不可用。
Metrics API not available
#查看node的资源使用情况
➜ ~ kubectl top node
error: Metrics API not available #没有部署Metrics时会报错
#查看
➜ ~ kubectl cluster-info
Kubernetes master is running at https://kubernetes.docker.internal:6443
KubeDNS is running at https://kubernetes.docker.internal:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
k8s 上部署 Metrics Server
下载镜像和components.yaml
#需要解决科学上网才能下载镜像k8s.gcr.io/metrics-server/metrics-server:v0.4.1
#从csdn下载K8s metrics-server.zip
#解压K8s metrics-server.zip
docker load -i k8s-gcr-io-metrics-server-metrics-server-v0.4.1.rar
查看确认镜像
➜ metrics-server git:(91dbeeb) docker images | grep metrics-server
k8s.gcr.io/metrics-server/metrics-server v0.4.1 9759a41ccdf0 3 weeks ago 60.5MB
➜ metrics-server git:(91dbeeb) cd /
k8s启动metrics-server
#本地执行,根据自己的components.yaml目录来执行
kubectl apply -f components.yaml
运行记录
➜ metrics-server git:(91dbeeb) kubectl apply -f components.yaml
serviceaccount/metrics-server created
clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader created
clusterrole.rbac.authorization.k8s.io/system:metrics-server created
rolebinding.rbac.authorization.k8s.io/metrics-server-auth-reader created
clusterrolebinding.rbac.authorization.k8s.io/metrics-server:system:auth-delegator created
clusterrolebinding.rbac.authorization.k8s.io/system:metrics-server created
service/metrics-server created
deployment.apps/metrics-server created
apiservice.apiregistration.k8s.io/v1beta1.metrics.k8s.io created
验证metrics-server
➜ Desktop kubectl top nodes
NAME CPU(cores) CPU% MEMORY(bytes) MEMORY%
docker-desktop 308m 7% 1794Mi 37%
注意事项 x509: cannot validate certificate
默认从官方拉取的文件
kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
在mac的docker desktop 上运行会出现如下问题 x509: cannot validate certificate
➜ Desktop kubectl logs metrics-server-866b7d5b74-bml25 -n kube-system
E1214 06:55:09.483690 1 server.go:132] unable to fully scrape metrics: unable to fully scrape metrics from node docker-desktop: unable to fetch metrics from node docker-desktop: Get "https://192.168.65.3:10250/stats/summary?only_cpu_and_memory=true": x509: cannot validate certificate for 192.168.65.3 because it doesn't contain any IP SANs
I1214 06:55:09.501441 1 requestheader_controller.go:169] Starting RequestHeaderAuthRequestController
I1214 06:55:09.501637 1 configmap_cafile_content.go:202] Starting client-ca::kube-system::extension-apiserver-authentication::client-ca-file
I1214 06:55:09.501976 1 shared_informer.go:240] Waiting for caches to sync for client-ca::kube-system::extension-apiserver-authentication::client-ca-file
I1214 06:55:09.501795 1 shared_informer.go:240] Waiting for caches to sync for RequestHeaderAuthRequestController
I1214 06:55:09.502403 1 secure_serving.go:197] Serving securely on [::]:4443
I1214 06:55:09.502482 1 dynamic_serving_content.go:130] Starting serving-cert::/tmp/apiserver.crt::/tmp/apiserver.key
I1214 06:55:09.502740 1 tlsconfig.go:240] Starting DynamicServingCertificateController
I1214 06:55:09.503168 1 configmap_cafile_content.go:202] Starting client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file
I1214 06:55:09.503275 1 shared_informer.go:240] Waiting for caches to sync for client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file
I1214 06:55:09.602354 1 shared_informer.go:247] Caches are synced for RequestHeaderAuthRequestController
I1214 06:55:09.602454 1 shared_informer.go:247] Caches are synced for client-ca::kube-system::extension-apiserver-authentication::client-ca-file
I1214 06:55:09.603660 1 shared_informer.go:247] Caches are synced for client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file
I1214 06:55:38.519063 1 configmap_cafile_content.go:223] Shutting down client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file
I1214 06:55:38.519300 1 configmap_cafile_content.go:223] Shutting down client-ca::kube-system::extension-apiserver-authentication::client-ca-file
I1214 06:55:38.519340 1 requestheader_controller.go:183] Shutting down RequestHeaderAuthRequestController
I1214 06:55:38.519547 1 tlsconfig.go:255] Shutting down DynamicServingCertificateController
I1214 06:55:38.519553 1 dynamic_serving_content.go:145] Shutting down serving-cert::/tmp/apiserver.crt::/tmp/apiserver.key
I1214 06:55:38.519819 1 secure_serving.go:241] Stopped listening on [::]:4443
解决办法
根据官方的github issues 添加一行- –kubelet-insecure-tls
template:
metadata:
labels:
k8s-app: metrics-server
spec:
containers:
- args:
- --cert-dir=/tmp
- --secure-port=4443
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
- --kubelet-use-node-status-port
- --kubelet-insecure-tls
image: k8s.gcr.io/metrics-server/metrics-server:v0.4.1