容器资源需求、需求资源限制及HeapSter
容器的资源需求,资源限制
requests:需求,最低保障
limits:限制,硬限制,最多使用量
CPU:2核双线程可以虚拟为4颗cpu
1颗逻辑cpu
1=1000微核心,milllicores
内存: E/P/T/G/M/K
Ei/Pi/Ti/Gi...
Qos --- 服务质量:
- Guranteed:每个容器同时设置了CPU和Memory的requests和limits属性,同时满足 cpu.requestes=cpu.limits 且memory.requestes=memory.limits;优先级最高
- Burstable:至少有一个设置了CPU和Memory的requests属性;优先级为中级
- BestEffort:没有任何一个容器设置了reques或limits属性,优先级最低;
- 当资源不够用时,BestEffort属性的容器会首先被终止以满足更高级别的容器运行
- 同级别的容器会首先终止资源占用量比例大的; limits1G,实际使用500M 与 limit512M,实际使用500M,第二个容器会被干掉
♦ kubectl top xxxpod 获取资源使用量;依赖于资源指标搜集、存储工具
♦ cAdvisor kubelet内建组件,专门用来收集当前节点上各pod上各容器和节点级系统指标,功能开启后运行在4191端口
♦ HeapSter 专门收集cAdvisor采集到的数据,可以创建一个pod运行heapster,数据存储到influxDB,使用grfana接入influxDB展示历史数据
HeapSter+InfluxDB+Grafana:
Warming: heapster在1.12版本完全废弃了;从1.10版本开始将heapter替换为Metrics Server; 下面的安装方法是修改后的安装方案
下载 influxdb+headster+grafana配置文件 wget https://raw.githubusercontent.com/kubernetes-retired/heapster/master/deploy/kube-config/influxdb/grafana.yaml wget https://raw.githubusercontent.com/kubernetes-retired/heapster/master/deploy/kube-config/influxdb/heapster.yaml wget https://raw.githubusercontent.com/kubernetes-retired/heapster/master/deploy/kube-config/influxdb/influxdb.yaml 下载 headster rabc配置文件 wget https://raw.githubusercontent.com/kubernetes-retired/heapster/master/deploy/kube-config/rbac/heapster-rbac.yaml
修改yaml文件:
influxdb.yaml:
1 apiVersion: apps/v1
2 kind: Deployment
3 metadata:
4 name: monitoring-influxdb
5 namespace: kube-system
6 spec:
7 replicas: 1
8 selector:
9 matchLabels:
10 task: monitoring
11 k8s-app: influxdb
12 template:
13 metadata:
14 labels:
15 task: monitoring
16 k8s-app: influxdb
17 spec:
18 containers:
19 - name: influxdb
20 image: k8s.gcr.io/heapster-influxdb-amd64:v1.5.2
21 volumeMounts:
22 - mountPath: /data
23 name: influxdb-storage
24 volumes:
25 - name: influxdb-storage
26 emptyDir: {}
27 ---
28 apiVersion: v1
29 kind: Service
30 metadata:
31 labels:
32 task: monitoring
33 # For use as a Cluster add-on (https://github.com/kubernetes/kubernetes/tree/master/cluster/addons)
34 # If you are NOT using this as an addon, you should comment out this line.
35 kubernetes.io/cluster-service: 'true'
36 kubernetes.io/name: monitoring-influxdb
37 name: monitoring-influxdb
38 namespace: kube-system
39 spec:
40 ports:
41 - port: 8086
42 targetPort: 8086
43 selector:
44 k8s-app: influxdb
heapter-rbac.yaml:
1 kind: ClusterRoleBinding
2 apiVersion: rbac.authorization.k8s.io/v1beta1
3 metadata:
4 name: heapster
5 roleRef:
6 apiGroup: rbac.authorization.k8s.io
7 kind: ClusterRole
8 name: system:heapster
9 subjects:
10 - kind: ServiceAccount
11 name: heapster
12 namespace: kube-system
13 ---
14 kind: ClusterRoleBinding
15 apiVersion: rbac.authorization.k8s.io/v1beta1
16 metadata:
17 name: heapster-kubelet-api
18 roleRef:
19 apiGroup: rbac.authorization.k8s.io
20 kind: ClusterRole
21 name: system:kubelet-api-admin
22 subjects:
23 - kind: ServiceAccount
24 name: heapster
25 namespace: kube-system
heapter.yaml:
1 apiVersion: v1
2 kind: ServiceAccount
3 metadata:
4 name: heapster
5 namespace: kube-system
6 ---
7 apiVersion: apps/v1
8 kind: Deployment
9 metadata:
10 name: heapster
11 namespace: kube-system
12 spec:
13 replicas: 1
14 selector:
15 matchLabels:
16 task: monitoring
17 k8s-app: heapster
18 template:
19 metadata:
20 labels:
21 task: monitoring
22 k8s-app: heapster
23 spec:
24 serviceAccountName: heapster
25 containers:
26 - name: heapster
27 image: k8s.gcr.io/heapster-amd64:v1.5.4
28 imagePullPolicy: IfNotPresent
29 command:
30 - /heapster
31 #- --source=kubernetes:https://kubernetes.default
32 #Because kubelet has https enabled, the following configuration requires an https port.modify to the next
33 - --source=kubernetes:https://kubernetes.default?kubeletHttps=true&kubeletPort=10250&insecure=true
34 - --sink=influxdb:http://monitoring-influxdb.kube-system.svc:8086
35 ---
36 apiVersion: v1
37 kind: Service
38 metadata:
39 labels:
40 task: monitoring
41 # For use as a Cluster add-on (https://github.com/kubernetes/kubernetes/tree/master/cluster/addons)
42 # If you are NOT using this as an addon, you should comment out this line.
43 kubernetes.io/cluster-service: 'true'
44 kubernetes.io/name: Heapster
45 name: heapster
46 namespace: kube-system
47 spec:
48 ports:
49 - port: 80
50 targetPort: 8082
51 selector:
52 k8s-app: heapster
grafana.yaml:
1 apiVersion: apps/v1
2 kind: Deployment
3 metadata:
4 name: monitoring-grafana
5 namespace: kube-system
6 spec:
7 replicas: 1
8 selector:
9 matchLabels:
10 task: monitoring
11 k8s-app: grafana
12 template:
13 metadata:
14 labels:
15 task: monitoring
16 k8s-app: grafana
17 spec:
18 containers:
19 - name: grafana
20 image: k8s.gcr.io/heapster-grafana-amd64:v5.0.4
21 ports:
22 - containerPort: 3000
23 protocol: TCP
24 volumeMounts:
25 - mountPath: /etc/ssl/certs
26 name: ca-certificates
27 readOnly: true
28 - mountPath: /var
29 name: grafana-storage
30 env:
31 - name: INFLUXDB_HOST
32 value: monitoring-influxdb
33 - name: GF_SERVER_HTTP_PORT
34 value: "3000"
35 # The following env variables are required to make Grafana accessible via
36 # the kubernetes api-server proxy. On production clusters, we recommend
37 # removing these env variables, setup auth for grafana, and expose the grafana
38 # service using a LoadBalancer or a public IP.
39 - name: GF_AUTH_BASIC_ENABLED
40 value: "false"
41 - name: GF_AUTH_ANONYMOUS_ENABLED
42 value: "true"
43 - name: GF_AUTH_ANONYMOUS_ORG_ROLE
44 value: Admin
45 - name: GF_SERVER_ROOT_URL
46 # If you're only using the API Server proxy, set this value instead:
47 # value: /api/v1/namespaces/kube-system/services/monitoring-grafana/proxy
48 value: /
49 volumes:
50 - name: ca-certificates
51 hostPath:
52 path: /etc/ssl/certs
53 - name: grafana-storage
54 emptyDir: {}
55 ---
56 apiVersion: v1
57 kind: Service
58 metadata:
59 labels:
60 # For use as a Cluster add-on (https://github.com/kubernetes/kubernetes/tree/master/cluster/addons)
61 # If you are NOT using this as an addon, you should comment out this line.
62 kubernetes.io/cluster-service: 'true'
63 kubernetes.io/name: monitoring-grafana
64 name: monitoring-grafana
65 namespace: kube-system
66 spec:
67 # In a production setup, we recommend accessing Grafana through an external Loadbalancer
68 # or through a public IP.
69 # type: LoadBalancer
70 # You could also use NodePort to expose the service at a randomly-generated port
71 # type: NodePort
72 ports:
73 - port: 80
74 targetPort: 3000
75 type: NodePort #public access
76 selector:
77 k8s-app: grafana
kubectl apply -f influxdb.yaml kubectl apply -f heapster-rbac.yaml kubectl apply -f heapster.yaml kubectl apply -f grafana.yaml #应用之前需要把service中添加type: NodePort 这样才被被外部访问
kubectl get svc -n kube-system
最后就可以使用svc暴露出来的端口访问grafana图形界面了: http:://nodeip:30288
部署HeapSter之后就可以使用kubectl top 参看node系统信息了:
♦ Grafana可以区官方dashboard区下载已经设计好的面板然后导入