Written down as a personal memo.
This enables the kubectl top command so that CPU and memory usage can be checked.
References:
https://qiita.com/dingtianhongjie/items/a8ddc2d7f7b57291a13e
https://github.com/kubernetes-sigs/metrics-server
https://qiita.com/joe_hirata/items/0c4073f2cc39027d1c32
Environment
$ kubectl version --short
Client Version: v1.18.3
Server Version: v1.18.2
To deploy the metrics-server Pod, download components.yaml.
https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.3.6/components.yaml
Applied as-is, the Pod starts but keeps logging errors because it gets stuck on TLS, so add the following flags.
--kubelet-preferred-address-types
--kubelet-insecure-tls
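In particular, --kubelet-insecure-tls must be used for test purposes only.
The components.yaml with the above settings applied is shown below (lines prefixed with + are the additions).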
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: system:aggregated-metrics-reader
  labels:
    rbac.authorization.k8s.io/aggregate-to-view: "true"
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
- apiGroups: ["metrics.k8s.io"]
  resources: ["pods", "nodes"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: metrics-server:system:auth-delegator
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:auth-delegator
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: metrics-server-auth-reader
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
---
apiVersion: apiregistration.k8s.io/v1beta1
kind: APIService
metadata:
  name: v1beta1.metrics.k8s.io
spec:
  service:
    name: metrics-server
    namespace: kube-system
  group: metrics.k8s.io
  version: v1beta1
  insecureSkipTLSVerify: true
  groupPriorityMinimum: 100
  versionPriority: 100
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: metrics-server
  namespace: kube-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: metrics-server
  namespace: kube-system
  labels:
    k8s-app: metrics-server
spec:
  selector:
    matchLabels:
      k8s-app: metrics-server
  template:
    metadata:
      name: metrics-server
      labels:
        k8s-app: metrics-server
    spec:
      serviceAccountName: metrics-server
      volumes:
      # mount in tmp so we can safely use from-scratch images and/or read-only containers
      - name: tmp-dir
        emptyDir: {}
      containers:
      - name: metrics-server
        image: k8s.gcr.io/metrics-server-amd64:v0.3.6
        imagePullPolicy: IfNotPresent
        args:
          - --cert-dir=/tmp
          - --secure-port=4443
        ports:
        - name: main-port
          containerPort: 4443
          protocol: TCP
        securityContext:
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          runAsUser: 1000
+       command:
+       - /metrics-server
+       - --kubelet-insecure-tls
+       - --kubelet-preferred-address-types=InternalIP
        volumeMounts:
        - name: tmp-dir
          mountPath: /tmp
      nodeSelector:
        kubernetes.io/os: linux
        kubernetes.io/arch: "amd64"
---
apiVersion: v1
kind: Service
metadata:
  name: metrics-server
  namespace: kube-system
  labels:
    kubernetes.io/name: "Metrics-server"
    kubernetes.io/cluster-service: "true"
spec:
  selector:
    k8s-app: metrics-server
  ports:
  - port: 443
    protocol: TCP
    targetPort: main-port
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: system:metrics-server
rules:
- apiGroups:
  - ""
  resources:
  - pods
  - nodes
  - nodes/stats
  - namespaces
  - configmaps
  verbs:
  - get
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: system:metrics-server
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:metrics-server
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
Deploy the metrics-server Pod.
$ kubectl apply -f components.yaml
clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader created
clusterrolebinding.rbac.authorization.k8s.io/metrics-server:system:auth-delegator created
rolebinding.rbac.authorization.k8s.io/metrics-server-auth-reader created
apiservice.apiregistration.k8s.io/v1beta1.metrics.k8s.io created
serviceaccount/metrics-server created
deployment.apps/metrics-server created
service/metrics-server created
clusterrole.rbac.authorization.k8s.io/system:metrics-server created
clusterrolebinding.rbac.authorization.k8s.io/system:metrics-server created
Confirm that the Pod has started.
$ kubectl -n kube-system get pods
NAME                              READY   STATUS    RESTARTS   AGE
coredns-66bff467f8-9gmw7          1/1     Running   2          60d
coredns-66bff467f8-wwhbn          1/1     Running   2          60d
etcd-blue                         1/1     Running   2          60d
kube-apiserver-blue               1/1     Running   2          60d
kube-controller-manager-blue      1/1     Running   3          60d
kube-proxy-5665d                  1/1     Running   3          60d
kube-proxy-576v5                  1/1     Running   3          60d
kube-scheduler-blue               1/1     Running   2          60d
metrics-server-79497bd4fc-s6cfh   1/1     Running   0          6m11s
tiller-deploy-55fb98f875-ssdqd    1/1     Running   2          50d
weave-net-h8kfd                   2/2     Running   5          60d
weave-net-sp8s5                   2/2     Running   7          60d
Check the nodes.
$ kubectl top node
NAME    CPU(cores)   CPU%   MEMORY(bytes)   MEMORY%
blue    184m         4%     3244Mi          10%
green   67m          0%     1939Mi          6%
Check the Pods.
$ kubectl top pods
NAME                                CPU(cores)   MEMORY(bytes)
nginx-deployment-5bf87f5f59-6jjgr   0m           2Mi
Confirmed that it works without problems.
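
Because --kubelet-insecure-tls is meant for test clusters only, a manifest check can keep it from reaching other clusters. The script below is an added example, not part of the original post or the metrics-server project: it reports that flag and the APIService's insecureSkipTLSVerify: true, with line numbers. The function names and the sample manifest are constructed for illustration.

```shell
# Added example (not from the original post): flag TLS-verification bypasses
# in a metrics-server manifest. Prints "<line>:<rule>" per finding; comments
# are stripped naively, which is enough for flag and boolean lines.
audit_metrics_manifest() {
  awk -v q="'" '
    { line = $0; sub(/#.*/, "", line); gsub("[\"" q "]", "", line) }
    line ~ /^---[ \t]*$/ { kind = ""; next }
    line ~ /^kind:/ { kind = line; sub(/^kind:[ \t]*/, "", kind); sub(/[ \t]+$/, "", kind) }
    # kubelet serving certificates are not verified when this flag is set
    kind == "Deployment" && line ~ /^[ \t]*-[ \t]+--kubelet-insecure-tls(=true)?[ \t]*$/ {
      print NR ":kubelet-insecure-tls"
    }
    # the API aggregator does not verify the metrics-server certificate
    kind == "APIService" && line ~ /^[ \t]*insecureSkipTLSVerify:[ \t]*true[ \t]*$/ {
      print NR ":apiservice-insecureSkipTLSVerify"
    }
  ' "$1"
}

# Succeeds only when the manifest has no findings, so it can gate a pipeline.
manifest_is_clean() {
  [ -z "$(audit_metrics_manifest "$1")" ]
}

# Constructed sample: a cut-down manifest carrying the two settings above.
write_sample_manifest() {
  cat > "$1" <<'EOF'
---
kind: APIService
spec:
  insecureSkipTLSVerify: true
---
kind: Deployment
spec:
  template:
    spec:
      containers:
      - name: metrics-server
        command:
        - /metrics-server
        - --kubelet-insecure-tls   # test clusters only
        - --kubelet-preferred-address-types=InternalIP
EOF
}

# Usage: sh audit.sh components.yaml
[ ! -f "${1:-}" ] || audit_metrics_manifest "$1"
```

The check expects a plain manifest, so remove the + markers shown in the listing above before running it against that file.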