#(1)概述

Metrics API 只可以查询当前的度量数据,并不保存历史数据
Metrics server定时从Kubelet的Summary API(类似/ap1/v1/nodes/nodename/stats/summary)采集指标信息,这些聚合过的数据将存储在内存中,且以metric-api的形式暴露出去
参考文档: https://blog.csdn.net/u011230692/article/details/86441271

#(2)创建聚合层证书

1)创建ca配置文件

cat > aggregator-ca-config.json <<EOF
{
    "signing": {
        "default": {
            "expiry": "876000h"
        },
        "profiles": {
            "aggregator": {
                "usages": [
                        "signing",
                        "key encipherment",
                        "server auth",
                        "client auth"
                ],
                "expiry": "876000h"
            }
        }
    }
}
EOF

2)创建ca证书签名请求

cat > aggregator-ca-csr.json<<EOF
{
    "CN": "aggregator",
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "ST": "Shanghai",
            "L": "Shanghai",
            "O": "k8s",
            "OU": "System"
        }
    ],
        "ca": {
             "expiry": "876000h"
        }
}
EOF

3)生成ca证书和私钥

cfssl gencert -initca aggregator-ca-csr.json | cfssljson -bare aggregator-ca

4)创建aggregator证书请求文件

cat >aggregator-csr.json<<EOF
{
        "CN": "aggregator",
        "hosts": [],
        "key": {
                "algo": "rsa",
                "size": 2048
        },
        "names": [
                {
                        "C": "CN",
                        "ST": "Shanghai",
                        "L": "Shanghai",
                        "O": "k8s",
                        "OU": "System"
                }
        ]
}
EOF

5)生成aggregator证书和私钥文件

 cfssl gencert -ca=aggregator-ca.pem -ca-key=aggregator-ca-key.pem -config=aggregator-ca-config.json -profile=aggregator aggregator-csr.json | cfssljson -bare aggregator

6)分发到master节点

scp aggregator*pem master01:/opt/kubernetes/ssl/
scp aggregator*pem master02:/opt/kubernetes/ssl/

#(3)开启聚合层api
1)修改master的kube-apiserver的启动脚本文件:

#vi /usr/lib/systemd/system/kube-apiserver.service , 
 注意:master没有安装kube-proxy 需要加上 --enable-aggregator-routing=true
--requestheader-allowed-names的值和CN的名字一样
--requestheader-client-ca-file=/opt/kubernetes/ssl/aggregator-ca.pem  \ 
--requestheader-allowed-names="aggregator" \
--requestheader-extra-headers-prefix="X-Remote-Extra-" \  
--requestheader-group-headers=X-Remote-Group   \
--requestheader-username-headers=X-Remote-User \
--proxy-client-cert-file=/opt/kubernetes/ssl/aggregator.pem \  
--proxy-client-key-file=/opt/kubernetes/ssl/aggregator-key.pem \ 
--runtime-config=api/all=true  \
--enable-aggregator-routing=true 

2)修改master的kube-controller-manager.service

#vi  /usr/lib/systemd/system/kube-controller-manager.service
 --horizontal-pod-autoscaler-use-rest-clients=true

3)重启服务

systemctl daemon-reload 
systemctl restart kube-apiserver 
systemctl restart kube-controller-manager
systemctl status kube-apiserver 
systemctl status kube-controller-manager

(十)部署metric server组件

4)把修改过的服务启动文件发送给master02;

cd /usr/lib/systemd/system/
scp kube* master02:/usr/lib/systemd/system/

5)在master02上一样要重启服务

systemctl daemon-reload 
systemctl restart kube-apiserver 
systemctl restart kube-controller-manager
systemctl status kube-apiserver 
systemctl status kube-controller-manager

#(4)安装metric server
1)克隆

git clone https://gitee.com/love-docker/k8s.git

2)发布

cd k8s/v1.11/metric-server/
kubectl apply -f .

3)验证
(十)部署metric server组件

要注意, master的/var/log/messages日志不能出现相关metric server的错误日志
(十)部署metric server组件

一分钟后,度量服务器开始报告节点和 Pod 的 CPU 和内存使用情况。 查看 nodes 指标:
yum install jq -y
kubectl get --raw "/apis/metrics.k8s.io/v1beta1/nodes" | jq .
(十)部署metric server组件
查看 pods 指标:
(十)部署metric server组件

(十)部署metric server组件