Kubernetes1.13安装metrics-server及填坑

本人测试集群是使用kubeadm安装的kubernetes1.13，参考：使用kubeadm安装Kubernetes1.13，刚安装完的集群是没有指标信息的

[root@k8s-node1 ~]# kubectl top node
Error from server (NotFound): the server could not find the requested resource (get services http:heapster:)

常用来收集指标信息的插件有metrics-server和heapster，本案例使用metrics-server

将metrics-server克隆到目标机器（可操作kubectl命令的机器）

git clone https://github.com/kubernetes-incubator/metrics-server

目录

其中一个目录是deploy是让我们部署使用，目录下的内容如下：

目前metrics-server的最新版本是v0.3.1,如果部署v0.2版本以上的进1.8+这个目录，如果是v0.2版本以下进入1.7这个目录，此次 我部署的是v0.3.1，所以进入1.8+目录

[root@k8s-node1 1.8+]# ll
总用量 28
-rw-r--r-- 1 root root 384 1月  15 08:41 aggregated-metrics-reader.yaml
-rw-r--r-- 1 root root 308 1月  15 08:41 auth-delegator.yaml
-rw-r--r-- 1 root root 329 1月  15 08:41 auth-reader.yaml
-rw-r--r-- 1 root root 298 1月  15 08:41 metrics-apiservice.yaml
-rw-r--r-- 1 root root 991 1月  30 11:59 metrics-server-deployment.yaml
-rw-r--r-- 1 root root 249 1月  15 08:41 metrics-server-service.yaml
-rw-r--r-- 1 root root 502 1月  15 08:41 resource-reader.yaml

部署

[root@k8s-node1 1.8+]# kubectl apply -f /.
[root@k8s-node1 1.8+]# kubectl get pods --all-namespaces -o wide
NAMESPACE       NAME                                             READY   STATUS             RESTARTS   AGE   IP               NODE        NOMINATED NODE   READINESS GATES
default         test-deploy1-7f4cc8dd65-6rwzw                    1/1     Running            0          37d   10.244.0.11      k8s-node1              
ingress-nginx   nginx-ingress-controller-5559ccfdc6-k4dlb        1/1     Running            1          56d   10.244.0.6       k8s-node1              
ingress-nginx   nginx-ingress-default-backend-6dc6c46dcc-t8wpj   1/1     Running            1          56d   10.244.0.9       k8s-node1              
kube-system     coredns-86c58d9df4-7nf4d                         1/1     Running            1          56d   10.244.0.8       k8s-node1              
kube-system     coredns-86c58d9df4-s7s2n                         1/1     Running            1          56d   10.244.0.7       k8s-node1              
kube-system     etcd-k8s-node1                                   1/1     Running            1          56d   192.168.112.38   k8s-node1              
kube-system     kube-apiserver-k8s-node1                         1/1     Running            1          51d   192.168.112.38   k8s-node1              
kube-system     kube-controller-manager-k8s-node1                1/1     Running            8          56d   192.168.112.38   k8s-node1              
kube-system     kube-flannel-ds-amd64-qvzc7                      1/1     Running            2          56d   192.168.112.39   k8s-node2              
kube-system     kube-flannel-ds-amd64-r4r8g                      1/1     Running            1          56d   192.168.112.38   k8s-node1              
kube-system     kube-proxy-dttsr                                 1/1     Running            1          56d   192.168.112.38   k8s-node1              
kube-system     kube-proxy-fkvnq                                 1/1     Running            2          56d   192.168.112.39   k8s-node2              
kube-system     kube-scheduler-k8s-node1                         1/1     Running            9          56d   192.168.112.38   k8s-node1              
kube-system     kubernetes-dashboard-79ff88449c-j7sp6            1/1     Running            0          37d   10.244.0.12      k8s-node1              
kube-system     metrics-server-fc6d4999b-b9gd6                   0/1     ImagePullBackOff   0          37d   10.244.1.20      k8s-node2              
kube-system     tiller-deploy-6cf89f5895-88t65                   1/1     Running            0          37d   10.244.0.10      k8s-node1              

填坑

• 镜像下载

需要科学上网，本公司网络能够科学无需其他操作，感谢公司IT同学；
能科学上网后还需要本地机器时间正常，（我虚拟机挂起后时间不一致，导致下载失败）
Error response from daemon: Get https://k8s.gcr.io/v2/: x509: certificate has expired or is not yet valid

• 无法解析节点的主机名

无法解析节点的主机名，是metrics-server这个容器不能通过CoreDNS 解析各Node的主机名，metrics-server连节点时默认是连接节点的主机名，需要加个参数，让它连接节点的IP，同时因为10250是https端口，连接它时需要提供证书，所以加上–kubelet-insecure-tls，表示不验证客户端证书，此前的版本中使用–source=这个参数来指定不验证客户端证书

[root@k8s-node1 1.8+]# vi metrics-server-deployment.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: metrics-server
  namespace: kube-system
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: metrics-server
  namespace: kube-system
  labels:
    k8s-app: metrics-server
spec:
  selector:
    matchLabels:
      k8s-app: metrics-server
  template:
    metadata:
      name: metrics-server
      labels:
        k8s-app: metrics-server
    spec:
      serviceAccountName: metrics-server
      volumes:
      # mount in tmp so we can safely use from-scratch images and/or read-only containers
      - name: tmp-dir
        emptyDir: {}
      containers:
      - name: metrics-server
        image: k8s.gcr.io/metrics-server-amd64:v0.3.1
        imagePullPolicy: IfNotPresent
        command
        - /metrics-server
        - --kubelet-insecure-tls
        - --kubelet-preferred-address-types=InternalIp
        volumeMounts:
        - name: tmp-dir
          mountPath: /tmp

删除原安装的service和deployment

[root@k8s-node1 1.8+]# kubectl delete -f metrics-server-deployment.yaml 
serviceaccount "metrics-server" deleted
deployment.extensions "metrics-server" deleted

重新安装

[root@k8s-node1 1.8+]# kubectl create -f metrics-server-deployment.yaml       
serviceaccount/metrics-server created
deployment.extensions/metrics-server created

验证

[root@k8s-node1 1.8+]# kubectl top node
NAME        CPU(cores)   CPU%   MEMORY(bytes)   MEMORY%   
k8s-node1   266m         6%     1821Mi          49%       
k8s-node2   60m          1%     677Mi           18%