k8s 部署 metrics-server：单机版、集群版

一、单机部署

1.1、下载 metrics-server

```

https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml

```

1.2、替换镜像并修改参数

```

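# ... (excerpt from the Deployment's pod template; earlier fields omitted) ...
spec:
  containers:
    - args:
        - --cert-dir=/tmp
        - --secure-port=4443
        # 1. Do not verify the CA of the kubelet serving certificate.
        #    NOTE(security): with this flag metrics-server accepts any
        #    certificate on the kubelet port, so the scrape connection is
        #    encrypted but the kubelet is not authenticated. Acceptable for a
        #    lab; in production give the kubelets CA-signed serving
        #    certificates and pass that CA with --kubelet-certificate-authority
        #    instead of disabling verification.
        - --kubelet-insecure-tls
        # 2. Reach the kubelets by InternalIP only.
        - --kubelet-preferred-address-types=InternalIP
        - --kubelet-use-node-status-port
        - --metric-resolution=15s
      # 3. Image location.
      #    NOTE(security): no registry host is given, so this resolves to the
      #    "guopengfee" namespace on Docker Hub rather than the registry the
      #    upstream manifest uses. Confirm the image's provenance before running
      #    it in kube-system, or mirror the upstream image yourself, and pin it
      #    by digest (name@sha256:<digest>) so the tag cannot be repointed.
      image: guopengfee/metrics-server:v0.6.4
      imagePullPolicy: IfNotPresent
      livenessProbe:
      # ... (probe settings and remaining fields omitted) ...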

```

1.3 完整配置文件"components.yaml"

```

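# Identity the metrics-server pods run as (referenced by serviceAccountName in
# the Deployment). All RBAC bindings in this file name this account.
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system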


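---
# Read access to the metrics API. The aggregate-to-* labels fold these rules
# into the built-in admin, edit and view ClusterRoles, so every subject holding
# one of those roles can read pod and node metrics.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    k8s-app: metrics-server
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
    rbac.authorization.k8s.io/aggregate-to-view: "true"
  name: system:aggregated-metrics-reader
rules:
  # The rule as printed had lost its apiGroups entry, and a rule without one is
  # rejected by the API server. metrics.k8s.io is the group registered by the
  # APIService in this manifest.
  - apiGroups:
      - metrics.k8s.io
    resources:
      - pods
      - nodes
    verbs:
      - get
      - list
      - watch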


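---
# Permissions metrics-server itself needs: read-only, core API group only.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    k8s-app: metrics-server
  name: system:metrics-server
rules:
  # Authorizes the scrape of each node's kubelet metrics endpoint.
  - apiGroups:
      - ""
    resources:
      - nodes/metrics
    verbs:
      - get
  # Discovery of the pods and nodes to report on. No write verbs are granted.
  - apiGroups:
      - ""
    resources:
      - pods
      - nodes
    verbs:
      - get
      - list
      - watch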


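---
# Namespaced binding (kube-system only): grants the metrics-server
# ServiceAccount the Role extension-apiserver-authentication-reader, which an
# aggregated API server uses to read the apiserver's authentication
# configuration.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server-auth-reader
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: extension-apiserver-authentication-reader
subjects:
  - kind: ServiceAccount
    name: metrics-server
    namespace: kube-system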


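---
# Cluster-wide binding to system:auth-delegator, which lets metrics-server hand
# authentication and authorization of incoming requests back to kube-apiserver
# (token and access reviews).
# NOTE(security): this is the broadest grant in the manifest; whatever image
# runs under the metrics-server ServiceAccount inherits it.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server:system:auth-delegator
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:auth-delegator
subjects:
  - kind: ServiceAccount
    name: metrics-server
    namespace: kube-system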


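---
# Binds the read-only ClusterRole system:metrics-server (nodes/metrics, pods,
# nodes) to the metrics-server ServiceAccount, cluster-wide.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    k8s-app: metrics-server
  name: system:metrics-server
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:metrics-server
subjects:
  - kind: ServiceAccount
    name: metrics-server
    namespace: kube-system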


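---
# In-cluster endpoint the APIService points at. Port 443 forwards to the
# container port named "https" (4443 in the Deployment). No type is set, so the
# Service stays cluster-internal.
apiVersion: v1
kind: Service
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system
spec:
  ports:
    - name: https
      port: 443
      protocol: TCP
      targetPort: https
  selector:
    k8s-app: metrics-server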


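---
# Single-replica metrics-server in kube-system.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system
spec:
  selector:
    matchLabels:
      k8s-app: metrics-server
  strategy:
    rollingUpdate:
      maxUnavailable: 0
  template:
    metadata:
      labels:
        k8s-app: metrics-server
    spec:
      containers:
        - args:
            # The root filesystem is read-only, so the serving certificate is
            # written to the emptyDir mounted at /tmp.
            - --cert-dir=/tmp
            # Must match containerPort "https" below.
            - --secure-port=4443
            # NOTE(security): disables verification of the kubelet serving
            # certificate, so kubelets are not authenticated when scraped.
            # For production, issue CA-signed kubelet serving certificates and
            # use --kubelet-certificate-authority instead of this flag.
            - --kubelet-insecure-tls
            - --kubelet-preferred-address-types=InternalIP
            - --kubelet-use-node-status-port
            - --metric-resolution=15s
          # NOTE(security): resolves to the "guopengfee" namespace on Docker
          # Hub, not the registry the upstream manifest uses. The container
          # runs with the metrics-server ServiceAccount (including
          # system:auth-delegator), so verify the image's provenance or mirror
          # the upstream image yourself, and pin it by digest
          # (name@sha256:<digest>). With IfNotPresent, a node keeps whatever
          # it pulled first under this tag.
          image: guopengfee/metrics-server:v0.6.4
          imagePullPolicy: IfNotPresent
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /livez
              port: https
              scheme: HTTPS
            periodSeconds: 10
          name: metrics-server
          ports:
            - containerPort: 4443
              name: https
              protocol: TCP
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /readyz
              port: https
              scheme: HTTPS
            initialDelaySeconds: 20
            periodSeconds: 10
          resources:
            requests:
              cpu: 100m
              memory: 200Mi
          # Non-root, no privilege escalation, read-only root filesystem.
          # Dropping all capabilities and setting a RuntimeDefault seccomp
          # profile would tighten this further.
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            runAsUser: 1000
          volumeMounts:
            - mountPath: /tmp
              name: tmp-dir
      nodeSelector:
        kubernetes.io/os: linux
      priorityClassName: system-cluster-critical
      serviceAccountName: metrics-server
      volumes:
        - emptyDir: {}
          name: tmp-dir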


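---
# Registers metrics.k8s.io/v1beta1 with the kube-apiserver aggregation layer and
# routes it to the metrics-server Service in kube-system.
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
  labels:
    k8s-app: metrics-server
  name: v1beta1.metrics.k8s.io
spec:
  group: metrics.k8s.io
  groupPriorityMinimum: 100
  # NOTE(security): kube-apiserver does not verify the certificate presented by
  # the metrics-server backend. To have it verified, give metrics-server a
  # serving certificate from a known CA (--tls-cert-file and
  # --tls-private-key-file), put that CA in spec.caBundle, and remove this
  # field.
  insecureSkipTLSVerify: true
  service:
    name: metrics-server
    namespace: kube-system
  version: v1beta1
  versionPriority: 100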

```

1.4 部署"components.yaml"

```

# Creates cluster-scoped objects (ClusterRoles, ClusterRoleBindings, an
# APIService) and workloads in kube-system. `kubectl diff -f components.yaml`
# shows what would change before anything is applied.
kubectl apply -f components.yaml

```

1.5 查看pod

```

[root@master01 metric_server]# kubectl get pod -n kube-system

NAME READY STATUS RESTARTS AGE

kube-flannel-ds-6mppc 1/1 Running 1 (4h52m ago) 6h13m

...

metrics-server-5546477ddb-5f4b2 1/1 Running 0 12m

```

二、集群版部署

2.0、高可用集群版需要为 kube-apiserver 增加启动参数 "--enable-aggregator-routing=true"，如下所示：

```

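# Excerpt of the kube-apiserver Pod manifest; only the added flag matters here.
# NOTE(review): if this is the kubeadm static Pod manifest, the kubelet restarts
# kube-apiserver as soon as the file is saved. Change one control-plane node at
# a time and confirm the API is healthy before moving on.
apiVersion: v1
kind: Pod
metadata:
  labels:
    component: kube-apiserver
    tier: control-plane
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
    - command:
        - kube-apiserver
        # ... (existing flags unchanged) ...
        - --service-cluster-ip-range=10.233.0.0/18
        # Added for the HA setup: the aggregator sends requests to the
        # endpoint IPs of the backing Service instead of its cluster IP.
        - --enable-aggregator-routing=true
        # ... (remaining flags and fields unchanged) ...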

```

2.1、下载 metrics-server 高可用（集群）版清单

```

# NOTE: "latest" resolves to whichever release is newest at download time, while
# the image tag used in this guide is v0.6.4. Pinning the release in the URL
# (.../releases/download/v0.6.4/high-availability-1.21+.yaml) keeps manifest and
# image in step. Read the file before applying it: it creates cluster-scoped
# RBAC objects.
wget https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/high-availability-1.21+.yaml

```

2.2、替换镜像并修改参数

```

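# Excerpt from the HA Deployment's pod template.
spec:
  affinity:
    # Required anti-affinity on the node hostname: no two metrics-server pods
    # are scheduled onto the same node.
    podAntiAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        - labelSelector:
            matchLabels:
              k8s-app: metrics-server
          namespaces:
            - kube-system
          topologyKey: kubernetes.io/hostname
  containers:
    - args:
        - --cert-dir=/tmp
        - --secure-port=4443
        # NOTE(security): disables verification of the kubelet serving
        # certificate, so kubelets are not authenticated when scraped. For
        # production, issue CA-signed kubelet serving certificates and use
        # --kubelet-certificate-authority instead of this flag.
        - --kubelet-insecure-tls
        - --kubelet-preferred-address-types=InternalIP
        - --kubelet-use-node-status-port
        - --metric-resolution=15s
      # NOTE(security): resolves to the "guopengfee" namespace on Docker Hub,
      # not the registry the upstream manifest uses. Verify its provenance or
      # mirror the upstream image yourself, and pin it by digest
      # (name@sha256:<digest>).
      image: guopengfee/metrics-server:v0.6.4
      imagePullPolicy: IfNotPresent
      livenessProbe:
      # ... (probe settings and remaining fields omitted) ...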

```

2.3、完整配置文件"high-availability-1.21+.yaml"

```

[root@master01 metric_server]# cat high-availability-1.21+.yaml

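# Identity the metrics-server pods run as (referenced by serviceAccountName in
# the Deployment). All RBAC bindings in this file name this account.
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system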


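---
# Read access to the metrics API. The aggregate-to-* labels fold these rules
# into the built-in admin, edit and view ClusterRoles, so every subject holding
# one of those roles can read pod and node metrics.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    k8s-app: metrics-server
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
    rbac.authorization.k8s.io/aggregate-to-view: "true"
  name: system:aggregated-metrics-reader
rules:
  # The rule as printed had lost its apiGroups entry, and a rule without one is
  # rejected by the API server. metrics.k8s.io is the group registered by the
  # APIService in this manifest.
  - apiGroups:
      - metrics.k8s.io
    resources:
      - pods
      - nodes
    verbs:
      - get
      - list
      - watch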


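---
# Permissions metrics-server itself needs: read-only, core API group only.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    k8s-app: metrics-server
  name: system:metrics-server
rules:
  # Authorizes the scrape of each node's kubelet metrics endpoint.
  - apiGroups:
      - ""
    resources:
      - nodes/metrics
    verbs:
      - get
  # Discovery of the pods and nodes to report on. No write verbs are granted.
  - apiGroups:
      - ""
    resources:
      - pods
      - nodes
    verbs:
      - get
      - list
      - watch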


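---
# Namespaced binding (kube-system only): grants the metrics-server
# ServiceAccount the Role extension-apiserver-authentication-reader, which an
# aggregated API server uses to read the apiserver's authentication
# configuration.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server-auth-reader
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: extension-apiserver-authentication-reader
subjects:
  - kind: ServiceAccount
    name: metrics-server
    namespace: kube-system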


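---
# Cluster-wide binding to system:auth-delegator, which lets metrics-server hand
# authentication and authorization of incoming requests back to kube-apiserver
# (token and access reviews).
# NOTE(security): this is the broadest grant in the manifest; whatever image
# runs under the metrics-server ServiceAccount inherits it.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server:system:auth-delegator
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:auth-delegator
subjects:
  - kind: ServiceAccount
    name: metrics-server
    namespace: kube-system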


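---
# Binds the read-only ClusterRole system:metrics-server (nodes/metrics, pods,
# nodes) to the metrics-server ServiceAccount, cluster-wide.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    k8s-app: metrics-server
  name: system:metrics-server
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:metrics-server
subjects:
  - kind: ServiceAccount
    name: metrics-server
    namespace: kube-system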


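---
# In-cluster endpoint the APIService points at. Port 443 forwards to the
# container port named "https" (4443 in the Deployment). No type is set, so the
# Service stays cluster-internal.
apiVersion: v1
kind: Service
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system
spec:
  ports:
    - name: https
      port: 443
      protocol: TCP
      targetPort: https
  selector:
    k8s-app: metrics-server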


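---
# Two-replica metrics-server in kube-system.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system
spec:
  # With the required anti-affinity below, two replicas need at least two
  # schedulable Linux nodes; on a single node the second pod stays Pending.
  replicas: 2
  selector:
    matchLabels:
      k8s-app: metrics-server
  strategy:
    rollingUpdate:
      maxUnavailable: 1
  template:
    metadata:
      labels:
        k8s-app: metrics-server
    spec:
      affinity:
        # Never place two metrics-server pods on the same node.
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchLabels:
                  k8s-app: metrics-server
              namespaces:
                - kube-system
              topologyKey: kubernetes.io/hostname
      containers:
        - args:
            # The root filesystem is read-only, so the serving certificate is
            # written to the emptyDir mounted at /tmp.
            - --cert-dir=/tmp
            # Must match containerPort "https" below.
            - --secure-port=4443
            # NOTE(security): disables verification of the kubelet serving
            # certificate, so kubelets are not authenticated when scraped.
            # For production, issue CA-signed kubelet serving certificates and
            # use --kubelet-certificate-authority instead of this flag.
            - --kubelet-insecure-tls
            - --kubelet-preferred-address-types=InternalIP
            - --kubelet-use-node-status-port
            - --metric-resolution=15s
          # NOTE(security): resolves to the "guopengfee" namespace on Docker
          # Hub, not the registry the upstream manifest uses. The container
          # runs with the metrics-server ServiceAccount (including
          # system:auth-delegator), so verify the image's provenance or mirror
          # the upstream image yourself, and pin it by digest
          # (name@sha256:<digest>). With IfNotPresent, each node keeps whatever
          # it pulled first under this tag, so replicas can end up on
          # different image contents if the tag is ever repointed.
          image: guopengfee/metrics-server:v0.6.4
          imagePullPolicy: IfNotPresent
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /livez
              port: https
              scheme: HTTPS
            periodSeconds: 10
          name: metrics-server
          ports:
            - containerPort: 4443
              name: https
              protocol: TCP
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /readyz
              port: https
              scheme: HTTPS
            initialDelaySeconds: 20
            periodSeconds: 10
          resources:
            requests:
              cpu: 100m
              memory: 200Mi
          # Non-root, no privilege escalation, read-only root filesystem.
          # Dropping all capabilities and setting a RuntimeDefault seccomp
          # profile would tighten this further.
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            runAsUser: 1000
          volumeMounts:
            - mountPath: /tmp
              name: tmp-dir
      nodeSelector:
        kubernetes.io/os: linux
      priorityClassName: system-cluster-critical
      serviceAccountName: metrics-server
      volumes:
        - emptyDir: {}
          name: tmp-dir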


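---
# Keeps at least one metrics-server pod running through voluntary disruptions
# such as node drains.
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  name: metrics-server
  namespace: kube-system
spec:
  minAvailable: 1
  selector:
    matchLabels:
      k8s-app: metrics-server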


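---
# Registers metrics.k8s.io/v1beta1 with the kube-apiserver aggregation layer and
# routes it to the metrics-server Service in kube-system.
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
  labels:
    k8s-app: metrics-server
  name: v1beta1.metrics.k8s.io
spec:
  group: metrics.k8s.io
  groupPriorityMinimum: 100
  # NOTE(security): kube-apiserver does not verify the certificate presented by
  # the metrics-server backend. To have it verified, give metrics-server a
  # serving certificate from a known CA (--tls-cert-file and
  # --tls-private-key-file), put that CA in spec.caBundle, and remove this
  # field.
  insecureSkipTLSVerify: true
  service:
    name: metrics-server
    namespace: kube-system
  version: v1beta1
  versionPriority: 100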

```

2.4、部署"high-availability-1.21+.yaml"

```

# Creates cluster-scoped objects (ClusterRoles, ClusterRoleBindings, an
# APIService) and workloads in kube-system.
# `kubectl diff -f high-availability-1.21+.yaml` shows what would change before
# anything is applied.
kubectl apply -f high-availability-1.21+.yaml

```

2.5、查看pod

```

[root@master01 metric_server]# kubectl get pod -n kube-system

NAME READY STATUS RESTARTS AGE

coredns-757cd945b-572wz 1/1 Running 1 (6h4m ago) 7h24m

coredns-757cd945b-gvd5g 1/1 Running 1 (6h4m ago) 7h24m

kube-apiserver-master01 1/1 Running 0 10m

...

metrics-server-6dcfcfd57c-bzqn9 1/1 Running 0 6m15s

metrics-server-6dcfcfd57c-qf8vv 1/1 Running 0 6m15s

...

```
