kubernetes集群二进制部署metrics-server

之前搭建了k8s1.15的集群，现在因为要监测各node、pod的资源使用率，现在要进行metrics-server的二进制部署。我现在的metrics-server部署都是基于之前的k8s集群部署的目录进行的，你可以参考我之前的文章。k8s集群二进制部署

一、创建metrics-server使用的证书

# cd /data/ssl_config/kubernetes/
# gedit metrics-server-csr.json
{
  "CN": "aggregator",
  "hosts": [],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "BeiJing",
      "L": "BeiJing",
      "O": "k8s",
      "OU": "System"
    }
  ]
}

生成证书
#   cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes metrics-server-csr.json | cfssljson -bare metrics-server

将生成的证书拷贝至master，slave1，slave2
#  cp metrics-server*.pem  /cloud/k8s/kubernetes/ssl
#  scp metrics-server*.pem  slave1:/cloud/k8s/kubernetes/ssl
#  scp metrics-server*.pem  slave2:/cloud/k8s/kubernetes/ssl

二、修改kube-apiserver，kube-controller-manager配置文件

kube-apiserver(我的在/cloud/k8s/kubernetes/cfg/kube-apiserver)

--requestheader-client-ca-file=/cloud/k8s/kubernetes/ssl/ca.pem \
--requestheader-allowed-names=aggregator \
--requestheader-extra-headers-prefix=X-Remote-Extra- \
--requestheader-group-headers=X-Remote-Group \
--requestheader-username-headers=X-Remote-User \
--proxy-client-cert-file=/cloud/k8s/kubernetes/ssl/metrics-server.pem \
--proxy-client-key-file=/cloud/k8s/kubernetes/ssl/metrics-server-key.pem \
--runtime-config=api/all=true"

重启：
# systemctl daemon-reload
# systemctl enable kube-apiserver
# systemctl restart kube-apiserver

–requestheader-XXX、–proxy-client-XXX 是 kube-apiserver 的 aggregator layer 相关的配置参数，metrics-server & HPA 需要使用；
–requestheader-client-ca-file：用于签名 --proxy-client-cert-file 和 --proxy-client-key-file 指定的证书；在启用了 metric aggregator 时使用；
如果 kube-apiserver 机器没有运行 kube-proxy，则还需要添加 --enable-aggregator-routing=true 参数

kube-controller-manager(我的在/cloud/k8s/kubernetes/cfg/kube-controller-manager)

添加如下配置参数

--horizontal-pod-autoscaler-use-rest-clients=true

重启

# systemctl daemon-reload
# systemctl enable kube-controller-manager
# systemctl restart kube-controller-manager

三、修改插件配置文件
软件包，下载metrics-server的就好，提取码： k5ec

解压之后，进入
#  cd metrics-server/deploy/1.8+
#  gedit  metrics-server-deployment.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: metrics-server
  namespace: kube-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: metrics-server
  namespace: kube-system
  labels:
    k8s-app: metrics-server
spec:
  selector:
    matchLabels:
      k8s-app: metrics-server
  template:
    metadata:
      name: metrics-server
      labels:
        k8s-app: metrics-server
    spec:
      serviceAccountName: metrics-server
      volumes:
      # mount in tmp so we can safely use from-scratch images and/or read-only containers
      - name: tmp-dir
        emptyDir: {}
      containers:
      - name: metrics-server
        image: mirrorgooglecontainers/metrics-server-amd64:v0.3.6
        imagePullPolicy: IfNotPresent
        command:
        - /metrics-server
        - --kubelet-insecure-tls
        - --kubelet-preferred-address-types=InternalIP
        volumeMounts:
        - name: tmp-dir
          mountPath: /tmp

修改image，command，imagePullPolicy三项

四、开始部署

# cd metrics-server/deploy/1.8+
# kubectl apply -f .
# kubectl get pods -n kube-system | grep metrics

验证是否成功

# kubectl top nodes
NAME     CPU(cores)   CPU%   MEMORY(bytes)   MEMORY%   
master   146m         7%     1336Mi          77%       
slave1   80m          4%     1113Mi          64%       
slave2   122m         6%     1206Mi          70%  

# kubectl top pods 
NAME             CPU(cores)   MEMORY(bytes)   
kubia-5q27x      0m           1Mi             
kubia-6p8gh      0m           3Mi             
kubia-7znz2      0m           3Mi             
kubia-liveness   0m           0Mi   

参考

大功告成！！！！