From 8743cc2d9267c1489c4c72112940ce01cdfd8fdb Mon Sep 17 00:00:00 2001 From: Terence DENG Date: Sun, 19 Feb 2023 20:25:30 +0800 Subject: [PATCH] Add metrics-server installation --- README.md | 6 + README_en.md | 6 + images.properties | 1 + kubernetes-metrics-server.yaml | 197 +++++++++++++++++++++++++++++++++ 4 files changed, 210 insertions(+) create mode 100644 kubernetes-metrics-server.yaml diff --git a/README.md b/README.md index 6c37e35..0b95a49 100644 --- a/README.md +++ b/README.md @@ -189,6 +189,12 @@ Win: %UserProfile%\.kube\config 点击登陆,进入Kubernetes Dashboard +#### 部署 Kubernetes metrics server (可选) + +```shell +kubectl apply -f kubernetes-metrics-server.yaml +``` + ### 配置 Ingress 说明:如果测试 Istio,不需要安装 Ingress diff --git a/README_en.md b/README_en.md index 2eb3323..356e4ce 100644 --- a/README_en.md +++ b/README_en.md @@ -181,6 +181,12 @@ Mac: $HOME/.kube/config Click login, go to Kubernetes Dashboard +#### Install Kubernetes metrics server (Optional) + +```shell +kubectl apply -f kubernetes-metrics-server.yaml +``` + ### Config Ingress Note: If you are testing Istio, donot need to install Ingress diff --git a/images.properties b/images.properties index 87619b4..1c850d9 100644 --- a/images.properties +++ b/images.properties @@ -3,6 +3,7 @@ k8s.gcr.io/kube-controller-manager:v1.25.4=registry.cn-hangzhou.aliyuncs.com/goo k8s.gcr.io/kube-scheduler:v1.25.4=registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.25.4 k8s.gcr.io/kube-proxy:v1.25.4=registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.25.4 k8s.gcr.io/kube-apiserver:v1.25.4=registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.25.4 +k8s.gcr.io/metrics-server/metrics-server:v0.6.2=registry.cn-hangzhou.aliyuncs.com/google_containers/metrics-server:v0.6.2 k8s.gcr.io/etcd:3.5.5-0=registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.5.5-0 k8s.gcr.io/coredns/coredns:v1.9.3=registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:v1.9.3 registry.k8s.io/ingress-nginx/controller:v1.5.1=registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:v1.5.1 diff --git a/kubernetes-metrics-server.yaml b/kubernetes-metrics-server.yaml new file mode 100644 index 0000000..26ee057 --- /dev/null +++ b/kubernetes-metrics-server.yaml @@ -0,0 +1,197 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + k8s-app: metrics-server + name: metrics-server + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + k8s-app: metrics-server + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + name: system:aggregated-metrics-reader +rules: +- apiGroups: + - metrics.k8s.io + resources: + - pods + - nodes + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + k8s-app: metrics-server + name: system:metrics-server +rules: +- apiGroups: + - "" + resources: + - nodes/metrics + verbs: + - get +- apiGroups: + - "" + resources: + - pods + - nodes + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + k8s-app: metrics-server + name: metrics-server-auth-reader + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: extension-apiserver-authentication-reader +subjects: +- kind: ServiceAccount + name: metrics-server + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + k8s-app: metrics-server + name: metrics-server:system:auth-delegator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: metrics-server + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + k8s-app: metrics-server + name: system:metrics-server +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:metrics-server +subjects: +- kind: ServiceAccount + name: metrics-server + namespace: kube-system +--- +apiVersion: v1 +kind: Service +metadata: + labels: + k8s-app: metrics-server + name: metrics-server + namespace: kube-system +spec: + ports: + - name: https + port: 443 + protocol: TCP + targetPort: https + selector: + k8s-app: metrics-server +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + k8s-app: metrics-server + name: metrics-server + namespace: kube-system +spec: + selector: + matchLabels: + k8s-app: metrics-server + strategy: + rollingUpdate: + maxUnavailable: 0 + template: + metadata: + labels: + k8s-app: metrics-server + spec: + containers: + - args: + - --cert-dir=/tmp + - --secure-port=4443 + - --kubelet-insecure-tls + - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname + - --kubelet-use-node-status-port + - --metric-resolution=15s + image: k8s.gcr.io/metrics-server/metrics-server:v0.6.2 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /livez + port: https + scheme: HTTPS + periodSeconds: 10 + name: metrics-server + ports: + - containerPort: 4443 + name: https + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: https + scheme: HTTPS + initialDelaySeconds: 20 + periodSeconds: 10 + resources: + requests: + cpu: 100m + memory: 200Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /tmp + name: tmp-dir + nodeSelector: + kubernetes.io/os: linux + priorityClassName: system-cluster-critical + serviceAccountName: metrics-server + volumes: + - emptyDir: {} + name: tmp-dir +--- +apiVersion: apiregistration.k8s.io/v1 +kind: APIService +metadata: + labels: + k8s-app: metrics-server + name: v1beta1.metrics.k8s.io +spec: + group: metrics.k8s.io + groupPriorityMinimum: 100 + insecureSkipTLSVerify: true + service: + name: metrics-server + namespace: kube-system + version: v1beta1 + versionPriority: 100