k8s部署metrics-server

1. ​​​​​​auth-delegator.yaml

   apiVersion: rbac.authorization.k8s.io/v1
   kind: ClusterRoleBinding
   metadata:
     name: metrics-server:system:auth-delegator
     labels:
       kubernetes.io/cluster-service: "true"
       addonmanager.kubernetes.io/mode: Reconcile
   roleRef:
     apiGroup: rbac.authorization.k8s.io
     kind: ClusterRole
     name: system:auth-delegator
   subjects:
   - kind: ServiceAccount
     name: metrics-server
     namespace: kube-system

2. auth-reader.yaml

   apiVersion: rbac.authorization.k8s.io/v1
   kind: RoleBinding
   metadata:
     name: metrics-server-auth-reader
     namespace: kube-system
     labels:
       kubernetes.io/cluster-service: "true"
       addonmanager.kubernetes.io/mode: Reconcile
   roleRef:
     apiGroup: rbac.authorization.k8s.io
     kind: Role
     name: extension-apiserver-authentication-reader
   subjects:
   - kind: ServiceAccount
     name: metrics-server
     namespace: kube-system

3. metrics-apiservice.yaml

   apiVersion: apiregistration.k8s.io/v1
   kind: APIService
   metadata:
     name: v1beta1.metrics.k8s.io
     labels:
       kubernetes.io/cluster-service: "true"
       addonmanager.kubernetes.io/mode: Reconcile
   spec:
     service:
       name: metrics-server
       namespace: kube-system
     group: metrics.k8s.io
     version: v1beta1
     insecureSkipTLSVerify: true
     groupPriorityMinimum: 100
     versionPriority: 100

4. metrics-server-deployment.yaml

   apiVersion: v1
   kind: ServiceAccount
   metadata:
     name: metrics-server
     namespace: kube-system
     labels:
       kubernetes.io/cluster-service: "true"
       addonmanager.kubernetes.io/mode: Reconcile
   ---
   apiVersion: v1
   kind: ConfigMap
   metadata:
     name: metrics-server-config
     namespace: kube-system
     labels:
       kubernetes.io/cluster-service: "true"
       addonmanager.kubernetes.io/mode: EnsureExists
   data:
     NannyConfiguration: |-
       apiVersion: nannyconfig/v1alpha1
       kind: NannyConfiguration
   ---
   apiVersion: apps/v1
   kind: Deployment
   metadata:
     name: metrics-server-v0.3.6
     namespace: kube-system
     labels:
       k8s-app: metrics-server
       kubernetes.io/cluster-service: "true"
       addonmanager.kubernetes.io/mode: Reconcile
       version: v0.3.6
   spec:
     selector:
       matchLabels:
         k8s-app: metrics-server
         version: v0.3.6
     template:
       metadata:
         name: metrics-server
         labels:
           k8s-app: metrics-server
           version: v0.3.6
         annotations:
           seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
       spec:
         priorityClassName: system-cluster-critical
         serviceAccountName: metrics-server
         nodeSelector:
           kubernetes.io/os: linux
         containers:
         - name: metrics-server
           image: htcfive/metrics-server-amd64:v0.3.6
           command:
           - /metrics-server
           #- --metric-resolution=30s
           #- --kubelet-port=10250
           - --kubelet-insecure-tls
           #- --deprecated-kubelet-completely-insecure=true
           - --kubelet-preferred-address-types=InternalIP
           #- --kubelet-preferred-address-types=InternalIP,Hostname,InternalDNS,ExternalDNS,ExternalIP
           ports:
           - containerPort: 443
             name: https
             protocol: TCP
         - name: metrics-server-nanny
           image: mirrorgooglecontainers/addon-resizer:1.8.6
           resources:
             limits:
               cpu: 100m
               memory: 300Mi
             requests:
               cpu: 5m
               memory: 50Mi
           env:
             - name: MY_POD_NAME
               valueFrom:
                 fieldRef:
                   fieldPath: metadata.name
             - name: MY_POD_NAMESPACE
               valueFrom:
                 fieldRef:
                   fieldPath: metadata.namespace
           volumeMounts:
           - name: metrics-server-config-volume
             mountPath: /etc/config
           command:
             - /pod_nanny
             - --config-dir=/etc/config
             #- --cpu={{ base_metrics_server_cpu }}
             - --extra-cpu=0.5m
             #- --memory={{ base_metrics_server_memory }}
             #- --extra-memory={{ metrics_server_memory_per_node }}Mi
             - --threshold=5
             - --deployment=metrics-server-v0.3.6
             - --container=metrics-server
             - --poll-period=300000
             - --estimator=exponential
             #- --minClusterSize={{ metrics_server_min_cluster_size }}
             #- --use-metrics=true
         volumes:
           - name: metrics-server-config-volume
             configMap:
               name: metrics-server-config
         tolerations:
           - key: "CriticalAddonsOnly"
             operator: "Exists"

5. metrics-server-service.yaml

   apiVersion: v1
   kind: Service
   metadata:
     name: metrics-server
     namespace: kube-system
     labels:
       addonmanager.kubernetes.io/mode: Reconcile
       kubernetes.io/cluster-service: "true"
       kubernetes.io/name: "Metrics-server"
   spec:
     selector:
       k8s-app: metrics-server
     ports:
     - port: 443
       protocol: TCP
       targetPort: https

6. resource-reader.yaml

   apiVersion: rbac.authorization.k8s.io/v1
   kind: ClusterRole
   metadata:
     name: system:metrics-server
     labels:
       kubernetes.io/cluster-service: "true"
       addonmanager.kubernetes.io/mode: Reconcile
   rules:
   - apiGroups:
     - ""
     resources:
     - pods
     - nodes
     - namespaces
     - nodes/stats
     verbs:
     - get
     - list
     - watch
   - apiGroups:
     - "apps"
     resources:
     - deployments
     verbs:
     - get
     - list
     - update
     - watch
   - nonResourceURLs:
     - /metrics
     verbs:
     - get
   ---
   apiVersion: rbac.authorization.k8s.io/v1
   kind: ClusterRoleBinding
   metadata:
     name: system:metrics-server
     labels:
       kubernetes.io/cluster-service: "true"
       addonmanager.kubernetes.io/mode: Reconcile
   roleRef:
     apiGroup: rbac.authorization.k8s.io
     kind: ClusterRole
     name: system:metrics-server
   subjects:
   - kind: ServiceAccount
     name: metrics-server
     namespace: kube-system