k8s部署metrics-server单机、集群版

### 一、单机部署

#### 1.1、下载metrics-server

```

https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml

```

#### 1.2、替换镜像并修改参数

```

...

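# Excerpt of the metrics-server Deployment pod spec showing the three edits made
# to the upstream components.yaml (numbered 1-3 below).
spec:
  containers:
  - args:
    - --cert-dir=/tmp
    - --secure-port=4443
    # 1. Do not verify the kubelet serving certificate against the cluster CA.
    # SECURITY: with this flag metrics-server cannot authenticate the kubelets it
    # scrapes. Suitable for lab clusters only; in production give kubelets
    # CA-signed serving certificates (kubelet `serverTLSBootstrap: true` plus CSR
    # approval) and remove the flag.
    - --kubelet-insecure-tls
    # 2. Connect to kubelets via each node's InternalIP.
    - --kubelet-preferred-address-types=InternalIP
    - --kubelet-use-node-status-port
    - --metric-resolution=15s
    # 3. Image location.
    # SECURITY: this is a third-party Docker Hub copy, not the upstream image
    # (registry.k8s.io/metrics-server/metrics-server). Verify its provenance, or
    # mirror the upstream image into a registry you control and pin it by digest
    # (image@sha256:<DIGEST>).
    image: guopengfee/metrics-server:v0.6.4
    imagePullPolicy: IfNotPresent
    livenessProbe: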

...

```

#### 1.3、完整配置文件"components.yaml"

```

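---
# ServiceAccount referenced by the metrics-server Deployment
# (serviceAccountName: metrics-server) and by the RBAC bindings in this file.
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system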


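---
# ClusterRole granting read access to pod and node metrics. The aggregate-to-*
# labels fold these rules into the built-in admin, edit and view roles.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    k8s-app: metrics-server
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
    rbac.authorization.k8s.io/aggregate-to-view: "true"
  name: system:aggregated-metrics-reader
rules:
# The rule is scoped to the metrics.k8s.io API group, as in the high-availability
# manifest for the same role later on this page; a resource rule needs apiGroups.
- apiGroups:
  - metrics.k8s.io
  resources:
  - pods
  - nodes
  verbs:
  - get
  - list
  - watch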


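---
# ClusterRole for the metrics-server workload itself: read-only access to the
# kubelet metrics subresource and to pods/nodes in the core ("") API group.
# No write verbs are granted.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    k8s-app: metrics-server
  name: system:metrics-server
rules:
- apiGroups:
  - ""
  resources:
  - nodes/metrics
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - pods
  - nodes
  verbs:
  - get
  - list
  - watch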


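---
# Binds the metrics-server ServiceAccount to the built-in
# extension-apiserver-authentication-reader Role in kube-system, which
# aggregated API servers use to read the client-CA configuration for
# authenticating requests from kube-apiserver.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server-auth-reader
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system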


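---
# Binds the metrics-server ServiceAccount to the built-in system:auth-delegator
# ClusterRole so it can delegate authentication and authorization checks
# (TokenReview / SubjectAccessReview) to kube-apiserver.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server:system:auth-delegator
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:auth-delegator
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system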


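---
# Grants the system:metrics-server ClusterRole (read-only pods, nodes and
# nodes/metrics) to the metrics-server ServiceAccount cluster-wide.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    k8s-app: metrics-server
  name: system:metrics-server
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:metrics-server
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system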


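---
# Service in front of the metrics-server pods: port 443 forwards to the
# container port named "https" (4443 in the Deployment). This is the Service
# the v1beta1.metrics.k8s.io APIService points at.
apiVersion: v1
kind: Service
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system
spec:
  ports:
  - name: https
    port: 443
    protocol: TCP
    targetPort: https
  selector:
    k8s-app: metrics-server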


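---
# Single-replica metrics-server Deployment. maxUnavailable: 0 keeps the old pod
# running until its replacement is ready during a rolling update.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system
spec:
  selector:
    matchLabels:
      k8s-app: metrics-server
  strategy:
    rollingUpdate:
      maxUnavailable: 0
  template:
    metadata:
      labels:
        k8s-app: metrics-server
    spec:
      containers:
      - args:
        # Self-signed serving certificate is generated under /tmp (the emptyDir
        # below), which is the only writable path given readOnlyRootFilesystem.
        - --cert-dir=/tmp
        - --secure-port=4443
        # SECURITY: disables verification of the kubelet serving certificate, so
        # metrics-server cannot authenticate the kubelets it scrapes. Lab use
        # only; in production give kubelets CA-signed serving certificates
        # (kubelet `serverTLSBootstrap: true` plus CSR approval) and remove it.
        - --kubelet-insecure-tls
        - --kubelet-preferred-address-types=InternalIP
        - --kubelet-use-node-status-port
        - --metric-resolution=15s
        # SECURITY: third-party Docker Hub copy, not the upstream image
        # (registry.k8s.io/metrics-server/metrics-server). The pod runs in
        # kube-system with cluster-wide read access to pods and nodes, so verify
        # provenance, or mirror the upstream image into a registry you control
        # and pin it by digest (image@sha256:<DIGEST>).
        image: guopengfee/metrics-server:v0.6.4
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /livez
            port: https
            scheme: HTTPS
          periodSeconds: 10
        name: metrics-server
        ports:
        - containerPort: 4443
          name: https
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /readyz
            port: https
            scheme: HTTPS
          initialDelaySeconds: 20
          periodSeconds: 10
        resources:
          requests:
            cpu: 100m
            memory: 200Mi
        # Hardening kept from upstream: non-root UID, no privilege escalation,
        # read-only root filesystem.
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          runAsUser: 1000
        volumeMounts:
        - mountPath: /tmp
          name: tmp-dir
      nodeSelector:
        kubernetes.io/os: linux
      priorityClassName: system-cluster-critical
      serviceAccountName: metrics-server
      volumes:
      - emptyDir: {}
        name: tmp-dir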


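---
# Registers the metrics.k8s.io/v1beta1 API with the kube-apiserver aggregation
# layer and routes it to the metrics-server Service in kube-system.
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
  labels:
    k8s-app: metrics-server
  name: v1beta1.metrics.k8s.io
spec:
  group: metrics.k8s.io
  groupPriorityMinimum: 100
  # SECURITY: kube-apiserver does not verify metrics-server's serving
  # certificate when proxying metrics.k8s.io requests. To enable verification,
  # serve a certificate issued by a known CA and set spec.caBundle instead.
  insecureSkipTLSVerify: true
  service:
    name: metrics-server
    namespace: kube-system
  version: v1beta1
  versionPriority: 100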

```

#### 1.4、部署"components.yaml"

```

kubectl apply -f components.yaml

```

#### 1.5、查看pod

```

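[root@master01 metric_server]# kubectl get pod -n kube-system
NAME                              READY   STATUS    RESTARTS        AGE
kube-flannel-ds-6mppc             1/1     Running   1 (4h52m ago)   6h13m
...
metrics-server-5546477ddb-5f4b2   1/1     Running   0               12m
```

### 二、集群版部署

#### 2.0、高可用集群版本需要修改kube-apiserver参数如下" - --enable-aggregator-routing=true"

```
apiVersion: v1
kind: Pod
metadata:
  labels:
    component: kube-apiserver
    tier: control-plane
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
  - command:
    - kube-apiserver
    ...
    - --service-cluster-ip-range=10.233.0.0/18
    - --enable-aggregator-routing=true
    ...
```

#### 2.1、下载metric-server-cluster

```
wget https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/high-availability-1.21+.yaml
```

#### 2.2、替换镜像并修改参数

```
spec:
  affinity:
    podAntiAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
      - labelSelector:
          matchLabels:
            k8s-app: metrics-server
        namespaces:
        - kube-system
        topologyKey: kubernetes.io/hostname
  containers:
  - args:
    - --cert-dir=/tmp
    - --secure-port=4443
    # SECURITY: skips verification of the kubelet serving certificate; lab use only.
    - --kubelet-insecure-tls
    - --kubelet-preferred-address-types=InternalIP
    - --kubelet-use-node-status-port
    - --metric-resolution=15s
    # SECURITY: third-party Docker Hub copy of the upstream image; verify provenance.
    image: guopengfee/metrics-server:v0.6.4
    imagePullPolicy: IfNotPresent
    livenessProbe:
```

#### 2.3、完整配置文件"high-availability-1.21+.yaml"

```
[root@master01 metric_server]# cat high-availability-1.21+.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    k8s-app: metrics-server
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
    rbac.authorization.k8s.io/aggregate-to-view: "true"
  name: system:aggregated-metrics-reader
rules:
- apiGroups:
  - metrics.k8s.io
  resources:
  - pods
  - nodes
  verbs:
  - get
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    k8s-app: metrics-server
  name: system:metrics-server
rules:
- apiGroups:
  - ""
  resources:
  - nodes/metrics
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - pods
  - nodes
  verbs:
  - get
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server-auth-reader
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server:system:auth-delegator
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:auth-delegator
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    k8s-app: metrics-server
  name: system:metrics-server
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:metrics-server
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
---
apiVersion: v1
kind: Service
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system
spec:
  ports:
  - name: https
    port: 443
    protocol: TCP
    targetPort: https
  selector:
    k8s-app: metrics-server
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system
spec:
  replicas: 2
  selector:
    matchLabels:
      k8s-app: metrics-server
  strategy:
    rollingUpdate:
      maxUnavailable: 1
  template:
    metadata:
      labels:
        k8s-app: metrics-server
    spec:
      # Required anti-affinity: the two replicas must land on different nodes.
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchLabels:
                k8s-app: metrics-server
            namespaces:
            - kube-system
            topologyKey: kubernetes.io/hostname
      containers:
      - args:
        - --cert-dir=/tmp
        - --secure-port=4443
        # SECURITY: disables verification of the kubelet serving certificate, so
        # metrics-server cannot authenticate the kubelets it scrapes. Lab use
        # only; in production give kubelets CA-signed serving certificates
        # (kubelet `serverTLSBootstrap: true` plus CSR approval) and remove it.
        - --kubelet-insecure-tls
        - --kubelet-preferred-address-types=InternalIP
        - --kubelet-use-node-status-port
        - --metric-resolution=15s
        # SECURITY: third-party Docker Hub copy, not the upstream image
        # (registry.k8s.io/metrics-server/metrics-server). Verify provenance, or
        # mirror the upstream image into a registry you control and pin it by
        # digest (image@sha256:<DIGEST>).
        image: guopengfee/metrics-server:v0.6.4
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /livez
            port: https
            scheme: HTTPS
          periodSeconds: 10
        name: metrics-server
        ports:
        - containerPort: 4443
          name: https
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /readyz
            port: https
            scheme: HTTPS
          initialDelaySeconds: 20
          periodSeconds: 10
        resources:
          requests:
            cpu: 100m
            memory: 200Mi
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          runAsUser: 1000
        volumeMounts:
        - mountPath: /tmp
          name: tmp-dir
      nodeSelector:
        kubernetes.io/os: linux
      priorityClassName: system-cluster-critical
      serviceAccountName: metrics-server
      volumes:
      - emptyDir: {}
        name: tmp-dir
---
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  name: metrics-server
  namespace: kube-system
spec:
  minAvailable: 1
  selector:
    matchLabels:
      k8s-app: metrics-server
---
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
  labels:
    k8s-app: metrics-server
  name: v1beta1.metrics.k8s.io
spec:
  group: metrics.k8s.io
  groupPriorityMinimum: 100
  # SECURITY: kube-apiserver does not verify metrics-server's serving
  # certificate when proxying metrics.k8s.io requests. To enable verification,
  # serve a certificate issued by a known CA and set spec.caBundle instead.
  insecureSkipTLSVerify: true
  service:
    name: metrics-server
    namespace: kube-system
  version: v1beta1
  versionPriority: 100
```

#### 2.4、部署"high-availability-1.21+.yaml"

```
kubectl apply -f high-availability-1.21+.yaml
```

#### 2.5、查看pod

```
[root@master01 metric_server]# kubectl get pod -n kube-system
NAME                              READY   STATUS    RESTARTS       AGE
coredns-757cd945b-572wz           1/1     Running   1 (6h4m ago)   7h24m
coredns-757cd945b-gvd5g           1/1     Running   1 (6h4m ago)   7h24m
kube-apiserver-master01           1/1     Running   0              10m
...
metrics-server-6dcfcfd57c-bzqn9   1/1     Running   0              6m15s
metrics-server-6dcfcfd57c-qf8vv   1/1     Running   0              6m15s
...
```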
