Metrics-Server is the aggregator of cluster core monitoring data. In layman’s terms, it stores monitoring data for each node in the cluster and provides an API for analysis and use. Metrics-Server is deployed in the Kubernetes cluster by default as a Deployment object. To be precise, though, it is a set of resource objects: Deployment, Service, ClusterRole, ClusterRoleBinding, APIService, and RoleBinding.
Table of Contents
1. Pull the image
2. Enable apiserver aggregation service on master
3. Application for certificate
4. Restart kubelet, do this on all nodes
5. Issuance of certificate
6. Create resource objects
7. Verification
1. Pull the image
[root@k8smaster ~]# docker search metrics-server
[root@k8smaster ~]# docker pull bitnami/metrics-server
2. Enable apiserver aggregation service on master
[root@master ~]# vim /etc/kubernetes/manifests/kube-apiserver.yaml
# Manually add the following line under spec.containers.command
- --enable-aggregator-routing=true
3. Application for certificate
vim /var/lib/kubelet/config.yaml
# Add at the last line of the file
serverTLSBootstrap: true
4. Restart kubelet, do it on all nodes
systemctl restart kubelet
5. Issuance of certificate
# View the certificates that need to be issued
kubectl get certificatesigningrequests
kubectl certificate approve csr-wsfz7
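An added example, not part of the original page: a filter to run over the output of kubectl get certificatesigningrequests -o json before approving anything, so that only pending kubelet serving requests from nodes you expect are passed to kubectl certificate approve. The CSR names and the node name k8snode1 in the sample are constructed, and the check covers CSR metadata only, not the SANs inside the request.

```python
import json
import sys

SERVING_SIGNER = "kubernetes.io/kubelet-serving"
ALLOWED_USAGES = {"digital signature", "key encipherment", "server auth"}

def is_pending(csr):
    """A CSR is pending while it has no Approved or Denied condition."""
    conditions = csr.get("status", {}).get("conditions") or []
    return not any(c.get("type") in ("Approved", "Denied") for c in conditions)

def approvable(csr_list, known_nodes):
    """Return names of pending kubelet serving CSRs requested by known nodes."""
    names = []
    for csr in csr_list.get("items", []):
        spec = csr.get("spec", {})
        user = spec.get("username", "")
        node = user[len("system:node:"):] if user.startswith("system:node:") else None
        usages = set(spec.get("usages", []))
        if (is_pending(csr)
                and spec.get("signerName") == SERVING_SIGNER
                and node in known_nodes
                and "system:nodes" in spec.get("groups", [])
                and "server auth" in usages and usages <= ALLOWED_USAGES):
            names.append(csr["metadata"]["name"])
    return names

def _csr(name, signer, user, usages, conditions=None):
    # Constructed sample object, shaped like one item of `kubectl get csr -o json`.
    return {"metadata": {"name": name},
            "spec": {"signerName": signer, "username": user, "usages": usages,
                     "groups": ["system:nodes", "system:authenticated"]},
            "status": {"conditions": conditions} if conditions else {}}

SERVER = ["digital signature", "key encipherment", "server auth"]
SAMPLE = {"items": [
    _csr("csr-aaaaa", SERVING_SIGNER, "system:node:k8smaster", SERVER),
    _csr("csr-bbbbb", SERVING_SIGNER, "system:node:unknown-host", SERVER),
    _csr("csr-ccccc", "kubernetes.io/kube-apiserver-client-kubelet",
         "system:node:k8snode1", ["digital signature", "client auth"]),
    _csr("csr-ddddd", SERVING_SIGNER, "system:node:k8snode1", SERVER,
         [{"type": "Approved"}]),
]}

if __name__ == "__main__":
    # Usage: kubectl get csr -o json | python3 csr_filter.py k8smaster k8snode1
    data = json.load(sys.stdin) if len(sys.argv) > 1 else SAMPLE
    nodes = set(sys.argv[1:]) or {"k8smaster", "k8snode1"}
    print("\n".join(approvable(data, nodes)))
```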
6. Create resource object
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    k8s-app: metrics-server
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
    rbac.authorization.k8s.io/aggregate-to-view: "true"
  name: system:aggregated-metrics-reader
rules:
- apiGroups:
  - metrics.k8s.io
  resources:
  - pods
  - nodes
  verbs:
  - get
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    k8s-app: metrics-server
  name: system:metrics-server
rules:
- apiGroups:
  - ""
  resources:
  - nodes/metrics
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - pods
  - nodes
  verbs:
  - get
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server-auth-reader
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server:system:auth-delegator
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:auth-delegator
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    k8s-app: metrics-server
  name: system:metrics-server
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:metrics-server
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
---
apiVersion: v1
kind: Service
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system
spec:
  ports:
  - name: https
    port: 443
    protocol: TCP
    targetPort: https
  selector:
    k8s-app: metrics-server
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system
spec:
  selector:
    matchLabels:
      k8s-app: metrics-server
  strategy:
    rollingUpdate:
      maxUnavailable: 0
  template:
    metadata:
      labels:
        k8s-app: metrics-server
    spec:
      containers:
      - args:
        - --cert-dir=/tmp
        - --secure-port=4443
        - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
        - --kubelet-use-node-status-port
        - --metric-resolution=15s
        image: bitnami/metrics-server
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /livez
            port: https
            scheme: HTTPS
          periodSeconds: 10
        name: metrics-server
        ports:
        - containerPort: 4443
          name: https
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /readyz
            port: https
            scheme: HTTPS
          initialDelaySeconds: 20
          periodSeconds: 10
        resources:
          requests:
            cpu: 100m
            memory: 200Mi
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          runAsUser: 1000
        volumeMounts:
        - mountPath: /tmp
          name: tmp-dir
      nodeSelector:
        kubernetes.io/os: linux
      priorityClassName: system-cluster-critical
      serviceAccountName: metrics-server
      volumes:
      - emptyDir: {}
        name: tmp-dir
---
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
  labels:
    k8s-app: metrics-server
  name: v1beta1.metrics.k8s.io
spec:
  group: metrics.k8s.io
  groupPriorityMinimum: 100
  insecureSkipTLSVerify: true
  service:
    name: metrics-server
    namespace: kube-system
  version: v1beta1
  versionPriority: 100
Create resource object
kubectl apply -f metrics-server.yaml
7. Verification
kubectl top nodes
kubectl top pod -A