Kubernetes之资源指标与HPA控制器
1. 资源指标及其应用
1. Metrics Server的特点
默认不可用,需要部署
基于内存存储,重启后数据将全部丢失,而且它仅能留存最近收集到的指标数据
Metrics Server在每个集群中仅会运行一个实例,启动时,它将自动初始化与个节点的连接,因此出于安全方面的考虑,它需要运行于普通节点而非Master主机之上。
2. 部署metrics-server
下载https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.3.7/components.yaml
修改components.yaml的镜像文件
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: system:aggregated-metrics-reader
labels:
rbac.authorization.k8s.io/aggregate-to-view: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
- apiGroups: ["metrics.k8s.io"]
resources: ["pods", "nodes"]
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: metrics-server:system:auth-delegator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:auth-delegator
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: metrics-server-auth-reader
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
---
apiVersion: apiregistration.k8s.io/v1beta1
kind: APIService
metadata:
name: v1beta1.metrics.k8s.io
spec:
service:
name: metrics-server
namespace: kube-system
group: metrics.k8s.io
version: v1beta1
insecureSkipTLSVerify: true
groupPriorityMinimum: 100
versionPriority: 100
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: metrics-server
namespace: kube-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: metrics-server
namespace: kube-system
labels:
k8s-app: metrics-server
spec:
selector:
matchLabels:
k8s-app: metrics-server
template:
metadata:
name: metrics-server
labels:
k8s-app: metrics-server
spec:
serviceAccountName: metrics-server
volumes:
# mount in tmp so we can safely use from-scratch images and/or read-only containers
- name: tmp-dir
emptyDir: {}
containers:
- name: metrics-server
image: lizhenliang/metrics-server:v0.3.7
imagePullPolicy: IfNotPresent
args:
- --cert-dir=/tmp
- --secure-port=4443
- --kubelet-insecure-tls
- --kubelet-preferred-address-types=InternalIP
ports:
- name: main-port
containerPort: 4443
protocol: TCP
securityContext:
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- name: tmp-dir
mountPath: /tmp
nodeSelector:
kubernetes.io/os: linux
---
apiVersion: v1
kind: Service
metadata:
name: metrics-server
namespace: kube-system
labels:
kubernetes.io/name: "Metrics-server"
kubernetes.io/cluster-service: "true"
spec:
selector:
k8s-app: metrics-server
ports:
- port: 443
protocol: TCP
targetPort: main-port
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: system:metrics-server
rules:
- apiGroups:
- ""
resources:
- pods
- nodes
- nodes/stats
- namespaces
- configmaps
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: system:metrics-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:metrics-server
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
3. 基本资源配置清单完成相应资源的配置
kubectl apply -f components.yaml
4. 检验相应的API群组metrics.k8s.io是否出现在kubernetes集群的API群组列表
kubectl api-versions | grep metrics
5. 确认相关的pod对象运行是否正常
kubectl get pods -n kube-system | grep metrics
6. kubectl top命令
kubectl top pods 查看pod资源消耗
kubectl top nodes 查看node资源消耗
2. 自定义指标与Prometheus
1. 自定义指标适配器k8s-prometheus-adapter
3. 自动弹性缩放
1. 自动弹性伸缩工具
1. HPA
HPA 仅支持把CPU指标数据当做评估基准
HPAv2 支持把资源指标API和自定义指标API中获取的指标数据当做评估基准
2. CA
自动增减GCP,AWS或Azure集群上部署的k8s集群的节点数量
3. VPA
pod应用垂直伸缩工具
4. AR
简化版本的pod应用垂直伸缩工具
浙公网安备 33010602011771号