
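Deploying and configuring Metrics-Server

Metrics-Server is a key component in Kubernetes that collects resource usage data, such as CPU and memory utilization, for the nodes and Pods in a cluster. Components such as the Kubernetes Horizontal Pod Autoscaler (HPA) and Vertical Pod Autoscaler (VPA) depend on Metrics-Server to scale Pods up or down automatically.
The following file is a complete example manifest for Kubernetes Metrics-Server: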
```yaml
# metrics-server-components.yaml
# ServiceAccount: creates a service account named metrics-server in the kube-system namespace.
# The service account controls this component's permissions for accessing the Kubernetes API.
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system
---
# ClusterRole: defines read access to the Pod and node metrics that metrics-server
# serves in the metrics.k8s.io API group. The aggregate-to-* labels add these rules
# to the built-in admin, edit and view roles.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    k8s-app: metrics-server
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
    rbac.authorization.k8s.io/aggregate-to-view: "true"
  name: system:aggregated-metrics-reader
rules:
- apiGroups:
  - metrics.k8s.io
  resources:
  - pods
  - nodes
  verbs:
  - get
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    k8s-app: metrics-server
  name: system:metrics-server
rules:
- apiGroups:
  - ""
  resources:
  - pods
  - nodes
  - nodes/stats
  - namespaces
  - configmaps
  verbs:
  - get
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server-auth-reader
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
---
# ClusterRoleBinding: binds the system:auth-delegator role to the metrics-server service account,
# which allows metrics-server to delegate authentication requests.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server:system:auth-delegator
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:auth-delegator
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    k8s-app: metrics-server
  name: system:metrics-server
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:metrics-server
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
---
# Service: defines a Kubernetes Service named metrics-server in the kube-system namespace.
# It listens on port 443 and forwards traffic to the https port of the target container.
# The selector k8s-app: metrics-server routes traffic to the matching metrics-server Pods.
apiVersion: v1
kind: Service
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system
spec:
  ports:
  - name: https
    port: 443
    protocol: TCP
    targetPort: https
  selector:
    k8s-app: metrics-server
---
# Deployment for metrics-server: image, startup arguments, health probes
# (livenessProbe and readinessProbe) and so on. With this configuration metrics-server
# runs in the cluster and periodically collects resource usage data from each node.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system
spec:
  selector:
    matchLabels:
      k8s-app: metrics-server
  strategy:
    rollingUpdate:
      maxUnavailable: 0
  template:
    metadata:
      labels:
        k8s-app: metrics-server
    spec:
      containers:
      - args:
        - --cert-dir=/tmp
        - --secure-port=4443
        - --kubelet-use-node-status-port
        - --v=2
        # Skips verification of the kubelet serving certificates. Where kubelets have
        # CA-signed serving certificates, drop this flag and pass
        # --kubelet-certificate-authority instead.
        - --kubelet-insecure-tls
        - --kubelet-preferred-address-types=InternalIP
        # No tag or digest, so this resolves to :latest; pin a specific version.
        image: bitnami/metrics-server
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /livez
            port: https
            scheme: HTTPS
          periodSeconds: 10
        name: metrics-server
        ports:
        - containerPort: 4443
          name: https
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /readyz
            port: https
            scheme: HTTPS
          periodSeconds: 10
        securityContext:
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          runAsUser: 1000
        volumeMounts:
        - mountPath: /tmp
          name: tmp-dir
      nodeSelector:
        kubernetes.io/os: linux
      priorityClassName: system-cluster-critical
      serviceAccountName: metrics-server
      volumes:
      - emptyDir: {}
        name: tmp-dir
---
# Registration of the externally served API. The Kubernetes API aggregation layer
# uses this object to know how to route requests to metrics-server.
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
  labels:
    k8s-app: metrics-server
  name: v1beta1.metrics.k8s.io
spec:
  group: metrics.k8s.io
  groupPriorityMinimum: 100
  # The aggregation layer does not verify the metrics-server serving certificate.
  # Set caBundle instead where that certificate is issued by a known CA.
  insecureSkipTLSVerify: true
  service:
    name: metrics-server
    namespace: kube-system
  version: v1beta1
  versionPriority: 100
```
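The manifest above turns off TLS verification in two places (`--kubelet-insecure-tls` and `insecureSkipTLSVerify: true`) and references an image without a tag. A small audit for those three settings, as an added example that is not part of the original article; the check ids, function name and sample excerpt are constructed for illustration:

```python
import re

# Constructed excerpt of the manifest: only the lines the checks inspect.
SAMPLE = """\
kind: Deployment
metadata:
  name: metrics-server
spec:
  template:
    spec:
      containers:
      - args:
        - --kubelet-insecure-tls
        image: bitnami/metrics-server
---
kind: APIService
metadata:
  name: v1beta1.metrics.k8s.io
spec:
  insecureSkipTLSVerify: true
"""

# (check id, pattern matched against one manifest line with comments stripped)
CHECKS = [
    ("kubelet-tls-not-verified", re.compile(r"^\s*-\s*--kubelet-insecure-tls(=true)?\s*$")),
    ("apiservice-tls-not-verified", re.compile(r"^\s*insecureSkipTLSVerify:\s*true\s*$")),
    # Last path component carries no tag or digest, or only ":latest".
    ("image-not-pinned", re.compile(r"^\s*(-\s*)?image:\s*(\S*/)?[^\s:@/]+(:latest)?\s*$")),
]

def audit(manifest):
    """Return (kind, name, check id) for every weak setting found."""
    findings = []
    for doc in re.split(r"^---\s*$", manifest, flags=re.M):
        kind = re.search(r"^kind:\s*(\S+)", doc, flags=re.M)
        name = re.search(r"^\s+name:\s*(\S+)", doc, flags=re.M)
        for line in doc.splitlines():
            code = line.split(" #")[0]  # drop trailing YAML comments
            for check_id, pattern in CHECKS:
                if pattern.match(code):
                    findings.append((kind.group(1) if kind else "?",
                                     name.group(1) if name else "?", check_id))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```

Clearing the first two findings requires kubelet serving certificates that metrics-server can verify through `--kubelet-certificate-authority`, and a `caBundle` on the APIService in place of `insecureSkipTLSVerify`.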
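HPA (Horizontal Pod Autoscaler) in Kubernetes automatically adjusts the number of running Pods according to resource usage (for example CPU or memory), so that the application scales flexibly as load changes, achieving optimal resource utilization and high availability.
Improved application availability: by adding Pods during traffic peaks, HPA helps keep the application running stably, and by removing Pods when traffic falls back it improves resource efficiency.
HPA periodically retrieves the current resource usage of the Pods (CPU, memory and so on) through the Kubernetes API server and compares it with a predefined target value (for example, the desired CPU utilization). If current usage is above the target, HPA increases the number of Pods; if it is below the target, HPA decreases the number of Pods.
The following is a simple HPA configuration example: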
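```yaml
# xxxx-hpa.yaml
# autoscaling/v2beta1 is no longer served as of Kubernetes 1.25. On newer clusters use
# autoscaling/v2, where each metric sets target.type: Utilization and
# target.averageUtilization instead of targetAverageUtilization.
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
  namespace: xxx-ns
  name: xxx-mcservice1-hpa-v2
spec:
  minReplicas: 1
  maxReplicas: 5
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    # Name of the target workload
    name: mcservice1-pod
  metrics:
  - type: Resource
    resource:
      name: cpu
      targetAverageUtilization: 90
  - type: Resource
    resource:
      name: memory
      targetAverageUtilization: 90
```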
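How the comparison against the target turns into a replica count, as an added example that is not part of the original article. It follows the documented HPA calculation (ratio of current to target utilization, rounded up, with the controller's default 10% tolerance) and uses the limits and targets from the manifest above; the usage samples and function names are constructed, and the stabilization window and unready-Pod handling of the real controller are left out.

```python
import math

def desired_replicas(current, usage, targets, min_r, max_r, tolerance=0.1):
    """One evaluation of the HPA replica calculation.

    usage / targets map metric name -> average utilization in percent of the
    containers' resource requests. Simplified: no stabilization window,
    no handling of unready Pods or missing metrics.
    """
    proposals = []
    for metric, target in targets.items():
        ratio = usage[metric] / target
        if abs(ratio - 1.0) <= tolerance:
            proposals.append(current)          # close enough: leave as is
        else:
            proposals.append(math.ceil(current * ratio))
    # With several metrics the largest proposal wins, then min/max clamp it.
    return max(min_r, min(max_r, max(proposals)))

def simulate(samples, start, targets, min_r, max_r):
    """Feed successive usage samples through the calculation."""
    history, replicas = [], start
    for usage in samples:
        replicas = desired_replicas(replicas, usage, targets, min_r, max_r)
        history.append(replicas)
    return history

# Targets and limits from the HPA manifest on this page; samples are constructed.
TARGETS = {"cpu": 90, "memory": 90}
SAMPLES = [
    {"cpu": 180, "memory": 60},   # CPU at twice the target
    {"cpu": 95, "memory": 50},    # CPU within tolerance of the target
    {"cpu": 400, "memory": 300},  # proposal exceeds maxReplicas
    {"cpu": 20, "memory": 30},    # load drops
]

if __name__ == "__main__":
    print(simulate(SAMPLES, start=1, targets=TARGETS, min_r=1, max_r=5))
```

Utilization is measured against each container's resource requests, so the target Deployment must declare CPU and memory requests for these two metrics to be computed.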
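Together, the two YAML files above define the service account, roles, role bindings, service, deployment and API service that fully configure and deploy metrics-server in the Kubernetes cluster, ensuring that it runs properly and provides the cluster with real-time resource monitoring data.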