1. 安装K8S的Metrics-Server
正常按照官方文档安装MetricsServer,需要使用如下的命令:
kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
也可以将文件下载到本地进行更多的自定义,比如metrics-server镜像拉取不下来,此时可以下载下来进行自定义拉取的镜像。
wget https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
下面的MetricsServer的资源清单
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: metrics-server
name: metrics-server
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
k8s-app: metrics-server
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true"
name: system:aggregated-metrics-reader
rules:
- apiGroups:
- metrics.k8s.io
resources:
- pods
- nodes
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
k8s-app: metrics-server
name: system:metrics-server
rules:
- apiGroups:
- ""
resources:
- nodes/metrics
verbs:
- get
- apiGroups:
- ""
resources:
- pods
- nodes
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
k8s-app: metrics-server
name: metrics-server-auth-reader
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
k8s-app: metrics-server
name: metrics-server:system:auth-delegator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:auth-delegator
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
k8s-app: metrics-server
name: system:metrics-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:metrics-server
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
---
apiVersion: v1
kind: Service
metadata:
labels:
k8s-app: metrics-server
name: metrics-server
namespace: kube-system
spec:
ports:
- name: https
port: 443
protocol: TCP
targetPort: https
selector:
k8s-app: metrics-server
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
k8s-app: metrics-server
name: metrics-server
namespace: kube-system
spec:
selector:
matchLabels:
k8s-app: metrics-server
strategy:
rollingUpdate:
maxUnavailable: 0
template:
metadata:
labels:
k8s-app: metrics-server
spec:
imagePullSecrets:
- name: harbor-kube-system
containers:
- args:
- --cert-dir=/tmp
- --secure-port=10250
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
- --kubelet-use-node-status-port
- --metric-resolution=15s
- --kubelet-insecure-tls
image: wanna1314y.top:1443/metrics-server/mertics-server:v0.7.2
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /livez
port: https
scheme: HTTPS
periodSeconds: 10
name: metrics-server
ports:
- containerPort: 10250
name: https
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /readyz
port: https
scheme: HTTPS
initialDelaySeconds: 20
periodSeconds: 10
resources:
requests:
cpu: 100m
memory: 200Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /tmp
name: tmp-dir
nodeSelector:
kubernetes.io/os: linux
priorityClassName: system-cluster-critical
serviceAccountName: metrics-server
volumes:
- emptyDir: {}
name: tmp-dir
---
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
labels:
k8s-app: metrics-server
name: v1beta1.metrics.k8s.io
spec:
group: metrics.k8s.io
groupPriorityMinimum: 100
insecureSkipTLSVerify: true
service:
name: metrics-server
namespace: kube-system
version: v1beta1
versionPriority: 100
我们主要自定义了如下一项,其中一项是自定义了镜像,默认的镜像metrics-server/mertics-server:v0.7.2,在国内拉取不下来,这里从私有仓库进行拉取。
image: wanna1314y.top:1443/metrics-server/mertics-server:v0.7.2
第二项是,容器的启动参数当中,新增了如下的内容,为了允许无SSL访问,不加metrics-server可能无法正常启动。
- --kubelet-insecure-tls
2.使用Metrics-Server查看Node和Pod的资源使用情况
查看K8S集群当中的各个Node的CPU和内存使用情况:
root@master01:~# kubectl top node
NAME CPU(cores) CPU% MEMORY(bytes) MEMORY%
master01 275m 1% 7636Mi 25%
node01 91m 2% 3568Mi 52%
node02 68m 1% 2960Mi 43%
node03 90m 2% 2641Mi 38%
查看各个Pod的CPU和内存使用情况:
root@master01:~# kubectl top pod -A
NAMESPACE NAME CPU(cores) MEMORY(bytes)
devops-tools jenkins-684ccccdb4-f9jzf 2m 514Mi
devops-tools nexus-5678d885bf-fkgnv 6m 1234Mi
elk elasticsearch-0 12m 1049Mi
elk elasticsearch-1 8m 1050Mi
elk elasticsearch-2 5m 1038Mi
elk filebeat-9stth 2m 66Mi
elk filebeat-d4b4j 2m 70Mi
elk filebeat-vr66d 1m 64Mi
elk filebeat-wmkkd 1m 69Mi
elk kibana-847d88fd59-78p8l 9m 490Mi
elk logstash-6568cf66c8-w9b8b 15m 1691Mi