Kubernetes基于Centos7构建基础环境(三)
环境准备
准备三台虚拟机,每台虚机请参照Kubernetes基于Centos7构建基础环境(一)、Kubernetes基于Centos7构建基础环境(二)、Kubernetes基于Centos7构建基础环境(三)进行安装构建
一、 三台虚拟机配置表
- 服务器配置(表中 root/root 属于弱口令,仅适用于隔离的测试虚拟机)
| 服务器IP | 域名 | 别名 | 服务器类别 | 登录用户 | 登录密码 | CPU | 内存 |
|---|---|---|---|---|---|---|---|
| 192.168.1.55 | master55.xincan.cn | master55 | master | root | root | 2核 | 4G |
| 192.168.1.56 | slave56.xincan.cn | slave56 | slave | root | root | 4核 | 8G |
| 192.168.1.57 | slave57.xincan.cn | slave57 | slave | root | root | 4核 | 8G |
- 工具版本
- docker pull rancher/metrics-server:v0.4.1
- kube-metrics-server.yaml文件编排
二、集群基本信息查看
- 查看kube-system pod 信息
[root@master55 ~]# kubectl -n kube-system get pod
NAME READY STATUS RESTARTS AGE
calico-kube-controllers-5b8b769fcd-cs695 1/1 Running 0 42h
calico-node-4dzjl 1/1 Running 3 124d
calico-node-kc7ks 1/1 Running 3 124d
calico-node-mzht2 1/1 Running 1 124d
calico-node-pnkd6 1/1 Running 16 124d
calico-node-scq4q 1/1 Running 2 124d
coredns-7ff77c879f-bj6b8 1/1 Running 2 66d
coredns-7ff77c879f-ljhvc 1/1 Running 0 42h
etcd-master.one.hatech.com.cn 1/1 Running 18 146d
kube-apiserver-master.one.hatech.com.cn 1/1 Running 0 55m
kube-controller-manager-master.one.hatech.com.cn 1/1 Running 795 146d
kube-proxy-7b9vx 1/1 Running 2 124d
kube-proxy-mgtsg 1/1 Running 3 137d
kube-proxy-n2nkj 1/1 Running 16 146d
kube-proxy-slx9g 1/1 Running 3 146d
kube-proxy-xv8m2 1/1 Running 5 146d
kube-scheduler-master.one.hatech.com.cn 1/1 Running 655 146d
[root@master55 ~]#
- 下载metrics-server:v0.4.1
- 下载镜像,重新打 tag 后推送到私有仓库(推送输出中的 digest 是该镜像在私有仓库中的内容摘要,可用于按摘要而非 tag 引用镜像)
[root@master55 ~]# docker pull rancher/metrics-server:v0.4.1
v0.4.1: Pulling from rancher/metrics-server
e59bd8947ac7: Pull complete
cdbcff7dade2: Pull complete
Digest: sha256:b99989f8b6a18a838737a155e0b7fd0fa237e239034a6bc9b6330879ad001aa1
Status: Downloaded newer image for rancher/metrics-server:v0.4.1
docker.io/rancher/metrics-server:v0.4.1
[root@master55 ~]#
[root@master55 ~]# docker tag rancher/metrics-server:v0.4.1 dev-bj.hatech.com.cn/library/metrics-server:v0.4.1
[root@master55 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
dev-bj.hatech.com.cn/library/metrics-server v0.4.1 9759a41ccdf0 24 months ago 60.5MB
rancher/metrics-server v0.4.1 9759a41ccdf0 24 months ago 60.5MB
[root@master90 ~]# docker push dev-bj.hatech.com.cn/library/metrics-server:v0.4.1
The push refers to repository [dev-bj.hatech.com.cn/library/metrics-server]
7f4d330f3490: Pushed
7a5b9c0b4b14: Pushed
v0.4.1: digest: sha256:2009bb9ca86e8bdfc035a37561cf062f3e051c35823a5481fbd13533ce402fac size: 739
[root@master55 ~]#
- kube-metrics-server文件编排
- 使用打完tag的镜像 dev-bj.hatech.com.cn/library/metrics-server:v0.4.1
[root@master55 ~]# vim kube-metrics-server.yaml
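# ServiceAccount that the metrics-server pod runs as; the Deployment in this
# file selects it through serviceAccountName. Every RBAC binding in this file
# names this account as its subject, so its token carries all of those grants.
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system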
---
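# Read-only access to the metrics.k8s.io API (pod and node metrics).
# The aggregate-to-* labels fold these rules into the built-in admin, edit and
# view ClusterRoles, so every subject already bound to one of those roles can
# read metrics once this object is applied. Drop a label to keep that role
# from inheriting the rules.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    k8s-app: metrics-server
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
    rbac.authorization.k8s.io/aggregate-to-view: "true"
  name: system:aggregated-metrics-reader
rules:
- apiGroups:
  - metrics.k8s.io
  resources:
  - pods
  - nodes
  verbs:
  - get
  - list
  - watch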
---
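# Permissions metrics-server itself uses: cluster-wide get/list/watch on
# core-group ("") objects. No write verbs are granted.
# nodes/stats is the kubelet stats subresource that usage data is read from.
# NOTE(review): namespaces and configmaps are readable in every namespace
# through this role. ConfigMaps can hold sensitive settings, so confirm this
# metrics-server version needs them before keeping the grant this wide.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    k8s-app: metrics-server
  name: system:metrics-server
rules:
- apiGroups:
  - ""
  resources:
  - pods
  - nodes
  - nodes/stats
  - namespaces
  - configmaps
  verbs:
  - get
  - list
  - watch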
---
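# Namespaced binding (kube-system only) to the built-in Role
# extension-apiserver-authentication-reader. An extension API server uses it
# to read the authentication settings published by kube-apiserver, so that it
# can authenticate the requests proxied to it.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server-auth-reader
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system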
---
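# Binds the service account to the built-in system:auth-delegator ClusterRole,
# which lets metrics-server ask kube-apiserver to authenticate and authorize
# incoming callers (token and access reviews) rather than deciding locally.
# The grant is cluster-wide, so it belongs in any audit of what this account
# may do.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server:system:auth-delegator
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:auth-delegator
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system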
---
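# Grants the system:metrics-server ClusterRole (defined in this file) to the
# metrics-server service account for the whole cluster.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    k8s-app: metrics-server
  name: system:metrics-server
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:metrics-server
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system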
---
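# In-cluster Service in front of the metrics-server pods. The APIService in
# this file points at it by name and namespace.
apiVersion: v1
kind: Service
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system
spec:
  ports:
  - name: https
    port: 443
    protocol: TCP
    # Resolved by port name: the container port named "https" (4443 in the
    # Deployment in this file).
    targetPort: https
  selector:
    k8s-app: metrics-server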
---
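# Deployment that runs metrics-server in kube-system.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system
spec:
  selector:
    matchLabels:
      k8s-app: metrics-server
  strategy:
    rollingUpdate:
      # Never take the running pod down before its replacement is ready.
      maxUnavailable: 0
  template:
    metadata:
      labels:
        k8s-app: metrics-server
    spec:
      containers:
      - args:
        # The serving certificate is generated at startup into the writable
        # emptyDir; the root filesystem is read-only.
        - --cert-dir=/tmp
        - --secure-port=4443
        - --metric-resolution=30s
        # SECURITY: turns off verification of each kubelet's serving
        # certificate. metrics-server then cannot tell a genuine kubelet from
        # another endpoint answering on the node address, and it authenticates
        # to that endpoint with its service account credentials.
        # Fine for an isolated lab. Otherwise have kubelets serve certificates
        # signed by a CA metrics-server trusts (for example kubelet
        # serverTLSBootstrap with approved CSRs), then remove this flag or
        # pass --kubelet-certificate-authority.
        - --kubelet-insecure-tls
        # Kubelets are contacted on the node InternalIP only.
        - --kubelet-preferred-address-types=InternalIP
        - --kubelet-use-node-status-port
        # A tag is mutable, and IfNotPresent keeps whatever a node has cached
        # under it. Reference the image as
        # <repo>@sha256:<digest from the push output> to pin exact content.
        image: dev-bj.hatech.com.cn/library/metrics-server:v0.4.1
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /livez
            port: https
            scheme: HTTPS
          periodSeconds: 10
        name: metrics-server
        ports:
        - containerPort: 4443
          name: https
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /readyz
            port: https
            scheme: HTTPS
          periodSeconds: 10
        # Non-root UID with a read-only root filesystem.
        # NOTE(review): allowPrivilegeEscalation is not set here; consider
        # adding "allowPrivilegeEscalation: false".
        securityContext:
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          runAsUser: 1000
        volumeMounts:
        - mountPath: /tmp
          name: tmp-dir
      nodeSelector:
        kubernetes.io/os: linux
      priorityClassName: system-cluster-critical
      serviceAccountName: metrics-server
      volumes:
      - emptyDir: {}
        name: tmp-dir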
---
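# Registers metrics.k8s.io/v1beta1 with the API aggregation layer, so
# kube-apiserver proxies requests for that group to the metrics-server Service.
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
  labels:
    k8s-app: metrics-server
  name: v1beta1.metrics.k8s.io
spec:
  group: metrics.k8s.io
  groupPriorityMinimum: 100
  # SECURITY: kube-apiserver does not verify the serving certificate of the
  # backend it proxies to, so it cannot confirm that the endpoint behind the
  # Service is the real metrics-server. This pairs with the certificate the
  # pod generates for itself under --cert-dir.
  # To harden, give metrics-server a CA-signed serving certificate
  # (--tls-cert-file / --tls-private-key-file), put that CA in spec.caBundle
  # and set this field to false.
  insecureSkipTLSVerify: true
  service:
    name: metrics-server
    namespace: kube-system
  version: v1beta1
  versionPriority: 100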
- 执行安装
[root@master55 ~]# kubectl apply -f kube-metrics-server.yaml
serviceaccount/metrics-server created
clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader created
clusterrole.rbac.authorization.k8s.io/system:metrics-server created
rolebinding.rbac.authorization.k8s.io/metrics-server-auth-reader created
clusterrolebinding.rbac.authorization.k8s.io/metrics-server:system:auth-delegator created
clusterrolebinding.rbac.authorization.k8s.io/system:metrics-server created
service/metrics-server created
deployment.apps/metrics-server created
apiservice.apiregistration.k8s.io/v1beta1.metrics.k8s.io created
[root@master90 ~]#
- 查看节点资源使用情况
[root@master90 ~]# kubectl top nodes
NAME CPU(cores) CPU% MEMORY(bytes) MEMORY%
master55.sealer.hatech.com.cn 132m 3% 2491Mi 31%
slave56.sealer.hatech.com.cn 63m 1% 956Mi 12%
slave57.sealer.hatech.com.cn 66m 1% 937Mi 11%
- 查看 POD 资源使用情况
[root@master ~]# kubectl -n istorm-one-base top pod istorm-base-nacos-0
NAME CPU(cores) MEMORY(bytes)
istorm-base-nacos-0 57m 1040Mi
[root@master ~]#