环境

Mac 系统里 docker-desktop上运行的 Kubernetes v1.19.3 上启动Metrics Server

场景

资源使用指标,例如容器 CPU 和内存使用率,可通过 Metrics API 在 Kubernetes 中获得。 这些指标可以直接被用户访问,比如使用 kubectl top 命令行,或者被集群中的控制器 (例如 Horizontal Pod Autoscalers) 使用来做决策。

Metrics API

通过 Metrics API,你可以获得指定节点或 Pod 当前使用的资源量。 此 API 不存储指标值,因此想要获取某个指定节点 10 分钟前的 资源使用量是不可能的。

此 API 与其他 API 没有区别:

  • 此 API 和其它 Kubernetes API 一起位于同一端点(endpoint)之下且可发现, 路径为 /apis/metrics.k8s.io/
  • 它具有相同的安全性、可扩展性和可靠性保证 Metrics API 在 k8s.io/metrics 仓库中定义。你可以在那里找到有关 Metrics API 的更多信息。

说明: Metrics API 需要在集群中部署 Metrics Server。否则它将不可用。

Metrics API not available

#查看node的资源使用情况
➜  ~ kubectl top node
error: Metrics API not available #没有部署Metrics时会报错
#查看
➜  ~ kubectl cluster-info
Kubernetes master is running at https://kubernetes.docker.internal:6443
KubeDNS is running at https://kubernetes.docker.internal:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

k8s 上部署 Metrics Server

下载镜像和components.yaml

#需要解决科学上网才能下载镜像k8s.gcr.io/metrics-server/metrics-server:v0.4.1
#从csdn下载K8s metrics-server.zip
#解压K8s metrics-server.zip
docker load -i k8s-gcr-io-metrics-server-metrics-server-v0.4.1.rar 

查看确认镜像

➜  metrics-server git:(91dbeeb) docker images | grep metrics-server
k8s.gcr.io/metrics-server/metrics-server                                                                    v0.4.1                                           9759a41ccdf0   3 weeks ago     60.5MB
➜  metrics-server git:(91dbeeb) cd /

k8s启动metrics-server

#本地执行,根据自己的components.yaml目录来执行
kubectl apply -f components.yaml

运行记录

➜  metrics-server git:(91dbeeb) kubectl apply -f components.yaml
serviceaccount/metrics-server created
clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader created
clusterrole.rbac.authorization.k8s.io/system:metrics-server created
rolebinding.rbac.authorization.k8s.io/metrics-server-auth-reader created
clusterrolebinding.rbac.authorization.k8s.io/metrics-server:system:auth-delegator created
clusterrolebinding.rbac.authorization.k8s.io/system:metrics-server created
service/metrics-server created
deployment.apps/metrics-server created
apiservice.apiregistration.k8s.io/v1beta1.metrics.k8s.io created

验证metrics-server

➜  Desktop kubectl top nodes
NAME             CPU(cores)   CPU%   MEMORY(bytes)   MEMORY%
docker-desktop   308m         7%     1794Mi          37%

注意事项 x509: cannot validate certificate

默认从官方拉取的文件

kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml

在mac的docker desktop 上运行会出现如下问题 x509: cannot validate certificate

➜  Desktop kubectl logs metrics-server-866b7d5b74-bml25 -n kube-system
E1214 06:55:09.483690       1 server.go:132] unable to fully scrape metrics: unable to fully scrape metrics from node docker-desktop: unable to fetch metrics from node docker-desktop: Get "https://192.168.65.3:10250/stats/summary?only_cpu_and_memory=true": x509: cannot validate certificate for 192.168.65.3 because it doesn't contain any IP SANs
I1214 06:55:09.501441       1 requestheader_controller.go:169] Starting RequestHeaderAuthRequestController
I1214 06:55:09.501637       1 configmap_cafile_content.go:202] Starting client-ca::kube-system::extension-apiserver-authentication::client-ca-file
I1214 06:55:09.501976       1 shared_informer.go:240] Waiting for caches to sync for client-ca::kube-system::extension-apiserver-authentication::client-ca-file
I1214 06:55:09.501795       1 shared_informer.go:240] Waiting for caches to sync for RequestHeaderAuthRequestController
I1214 06:55:09.502403       1 secure_serving.go:197] Serving securely on [::]:4443
I1214 06:55:09.502482       1 dynamic_serving_content.go:130] Starting serving-cert::/tmp/apiserver.crt::/tmp/apiserver.key
I1214 06:55:09.502740       1 tlsconfig.go:240] Starting DynamicServingCertificateController
I1214 06:55:09.503168       1 configmap_cafile_content.go:202] Starting client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file
I1214 06:55:09.503275       1 shared_informer.go:240] Waiting for caches to sync for client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file
I1214 06:55:09.602354       1 shared_informer.go:247] Caches are synced for RequestHeaderAuthRequestController
I1214 06:55:09.602454       1 shared_informer.go:247] Caches are synced for client-ca::kube-system::extension-apiserver-authentication::client-ca-file
I1214 06:55:09.603660       1 shared_informer.go:247] Caches are synced for client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file
I1214 06:55:38.519063       1 configmap_cafile_content.go:223] Shutting down client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file
I1214 06:55:38.519300       1 configmap_cafile_content.go:223] Shutting down client-ca::kube-system::extension-apiserver-authentication::client-ca-file
I1214 06:55:38.519340       1 requestheader_controller.go:183] Shutting down RequestHeaderAuthRequestController
I1214 06:55:38.519547       1 tlsconfig.go:255] Shutting down DynamicServingCertificateController
I1214 06:55:38.519553       1 dynamic_serving_content.go:145] Shutting down serving-cert::/tmp/apiserver.crt::/tmp/apiserver.key
I1214 06:55:38.519819       1 secure_serving.go:241] Stopped listening on [::]:4443

解决办法

根据官方的github issues 添加一行- –kubelet-insecure-tls

  template:
    metadata:
      labels:
        k8s-app: metrics-server
    spec:
      containers:
      - args:
        - --cert-dir=/tmp
        - --secure-port=4443
        - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
        - --kubelet-use-node-status-port
        - --kubelet-insecure-tls
        image: k8s.gcr.io/metrics-server/metrics-server:v0.4.1

下载资源

资源下载地址