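Container resource requests and resource limits
requests: what the container asks for; the guaranteed minimum
limits: the cap; a hard limit on the maximum that can be used
CPU: 2 cores with 2 threads each can be presented as 4 virtual CPUs
1 logical CPU
1 = 1000 millicores
Memory: E/P/T/G/M/K
Ei/Pi/Ti/Gi...
QoS --- quality of service:
- Guaranteed: every container sets both requests and limits for CPU and Memory, and cpu.requests=cpu.limits and memory.requests=memory.limits both hold; highest priority
- Burstable: at least one container sets the requests attribute for CPU and Memory; medium priority
- BestEffort: no container sets any requests or limits attribute; lowest priority
- When resources run short, BestEffort containers are terminated first so that higher-class containers can keep running
- Among containers of the same class, the one using the larger share of its resources is terminated first; given limits 1G with 500M actually used and limits 512M with 500M actually used, the second container is the one that gets killed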
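The three QoS rules and the termination order described above, as an added Python example that is not part of the original page. `parse_quantity`, `qos_class` and `termination_order` are hypothetical helper names, the sample pods are constructed, and the ordering follows this page's simplified usage-to-limit rule rather than the kubelet's full eviction logic.

```python
# Added example (not from the original page); helper names are hypothetical.
from fractions import Fraction

# Suffix table: m = milli, K/M/G/T/P/E decimal, Ki/Mi/Gi/... binary.
SUFFIX = {"": Fraction(1), "m": Fraction(1, 1000)}
for i, s in enumerate("KMGTPE", start=1):
    SUFFIX[s] = Fraction(1000) ** i
    SUFFIX[s + "i"] = Fraction(1024) ** i
SUFFIX["k"] = SUFFIX["K"]

def parse_quantity(q):
    """'500m' -> 1/2 CPU, '1Gi' -> 2**30 bytes, '0.5' -> 1/2."""
    q = str(q)
    num = q.rstrip("KMGTPEkmi")
    return Fraction(num) * SUFFIX[q[len(num):]]

def qos_class(containers):
    """containers: one 'resources' dict per container in the pod."""
    if not any(c.get("requests") or c.get("limits") for c in containers):
        return "BestEffort"
    for c in containers:
        lim = c.get("limits", {})
        # Kubernetes defaults a missing request to the limit before classifying.
        req = {**lim, **c.get("requests", {})}
        for res in ("cpu", "memory"):
            if res not in req or res not in lim:
                return "Burstable"
            if parse_quantity(req[res]) != parse_quantity(lim[res]):
                return "Burstable"
    return "Guaranteed"

def termination_order(pods):
    """pods: (name, qos, memory_usage, memory_limit) tuples; returns names, first killed first.
    Simplified rule from this page: lowest class, then highest usage/limit ratio."""
    rank = {"BestEffort": 0, "Burstable": 1, "Guaranteed": 2}
    def key(pod):
        _, qos, usage, limit = pod
        ratio = parse_quantity(usage) / parse_quantity(limit) if limit else Fraction(0)
        return (rank[qos], -ratio)
    return [pod[0] for pod in sorted(pods, key=key)]

if __name__ == "__main__":
    # Constructed sample: the two same-class pods from the example in the list above.
    pods = [("pod-1g", "Burstable", "500M", "1G"),
            ("pod-512m", "Burstable", "500M", "512M"),
            ("pod-none", "BestEffort", "100M", None)]
    print(termination_order(pods))
```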
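♦ kubectl top xxxpod shows resource usage; it depends on tools that collect and store resource metrics
♦ cAdvisor: a component built into the kubelet, dedicated to collecting metrics for every container of every pod on the current node as well as node-level system metrics; once enabled it runs on port 4191
♦ Heapster: collects the data gathered by cAdvisor; you can create a pod to run Heapster, store the data in InfluxDB, and connect Grafana to InfluxDB to display historical data
Heapster + InfluxDB + Grafana:
Warning: Heapster was completely deprecated in version 1.12; starting with version 1.10, Heapster is replaced by Metrics Server. The installation method below is a modified installation procedure.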
Download the influxdb + heapster + grafana configuration files:

```bash
wget https://raw.githubusercontent.com/kubernetes-retired/heapster/master/deploy/kube-config/influxdb/grafana.yaml
wget https://raw.githubusercontent.com/kubernetes-retired/heapster/master/deploy/kube-config/influxdb/heapster.yaml
wget https://raw.githubusercontent.com/kubernetes-retired/heapster/master/deploy/kube-config/influxdb/influxdb.yaml
```

Download the heapster RBAC configuration file:

```bash
wget https://raw.githubusercontent.com/kubernetes-retired/heapster/master/deploy/kube-config/rbac/heapster-rbac.yaml
```

Modify the YAML files:
influxdb.yaml:
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: monitoring-influxdb
  namespace: kube-system
spec:
  replicas: 1
  selector:
    matchLabels:
      task: monitoring
      k8s-app: influxdb
  template:
    metadata:
      labels:
        task: monitoring
        k8s-app: influxdb
    spec:
      containers:
      - name: influxdb
        image: k8s.gcr.io/heapster-influxdb-amd64:v1.5.2
        volumeMounts:
        - mountPath: /data
          name: influxdb-storage
      volumes:
      - name: influxdb-storage
        emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
  labels:
    task: monitoring
    # For use as a Cluster add-on (https://github.com/kubernetes/kubernetes/tree/master/cluster/addons)
    # If you are NOT using this as an addon, you should comment out this line.
    kubernetes.io/cluster-service: 'true'
    kubernetes.io/name: monitoring-influxdb
  name: monitoring-influxdb
  namespace: kube-system
spec:
  ports:
  - port: 8086
    targetPort: 8086
  selector:
    k8s-app: influxdb
```
heapster-rbac.yaml:

```yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: heapster
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:heapster
subjects:
- kind: ServiceAccount
  name: heapster
  namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: heapster-kubelet-api
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:kubelet-api-admin
subjects:
- kind: ServiceAccount
  name: heapster
  namespace: kube-system
```
heapster.yaml:

```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: heapster
  namespace: kube-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: heapster
  namespace: kube-system
spec:
  replicas: 1
  selector:
    matchLabels:
      task: monitoring
      k8s-app: heapster
  template:
    metadata:
      labels:
        task: monitoring
        k8s-app: heapster
    spec:
      serviceAccountName: heapster
      containers:
      - name: heapster
        image: k8s.gcr.io/heapster-amd64:v1.5.4
        imagePullPolicy: IfNotPresent
        command:
        - /heapster
        #- --source=kubernetes:https://kubernetes.default
        # Because kubelet has https enabled, the source must use the https port; modified to the next line
        - --source=kubernetes:https://kubernetes.default?kubeletHttps=true&kubeletPort=10250&insecure=true
        - --sink=influxdb:http://monitoring-influxdb.kube-system.svc:8086
---
apiVersion: v1
kind: Service
metadata:
  labels:
    task: monitoring
    # For use as a Cluster add-on (https://github.com/kubernetes/kubernetes/tree/master/cluster/addons)
    # If you are NOT using this as an addon, you should comment out this line.
    kubernetes.io/cluster-service: 'true'
    kubernetes.io/name: Heapster
  name: heapster
  namespace: kube-system
spec:
  ports:
  - port: 80
    targetPort: 8082
  selector:
    k8s-app: heapster
```
grafana.yaml:
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: monitoring-grafana
  namespace: kube-system
spec:
  replicas: 1
  selector:
    matchLabels:
      task: monitoring
      k8s-app: grafana
  template:
    metadata:
      labels:
        task: monitoring
        k8s-app: grafana
    spec:
      containers:
      - name: grafana
        image: k8s.gcr.io/heapster-grafana-amd64:v5.0.4
        ports:
        - containerPort: 3000
          protocol: TCP
        volumeMounts:
        - mountPath: /etc/ssl/certs
          name: ca-certificates
          readOnly: true
        - mountPath: /var
          name: grafana-storage
        env:
        - name: INFLUXDB_HOST
          value: monitoring-influxdb
        - name: GF_SERVER_HTTP_PORT
          value: "3000"
          # The following env variables are required to make Grafana accessible via
          # the kubernetes api-server proxy. On production clusters, we recommend
          # removing these env variables, setup auth for grafana, and expose the grafana
          # service using a LoadBalancer or a public IP.
        - name: GF_AUTH_BASIC_ENABLED
          value: "false"
        - name: GF_AUTH_ANONYMOUS_ENABLED
          value: "true"
        - name: GF_AUTH_ANONYMOUS_ORG_ROLE
          value: Admin
        - name: GF_SERVER_ROOT_URL
          # If you're only using the API Server proxy, set this value instead:
          # value: /api/v1/namespaces/kube-system/services/monitoring-grafana/proxy
          value: /
      volumes:
      - name: ca-certificates
        hostPath:
          path: /etc/ssl/certs
      - name: grafana-storage
        emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
  labels:
    # For use as a Cluster add-on (https://github.com/kubernetes/kubernetes/tree/master/cluster/addons)
    # If you are NOT using this as an addon, you should comment out this line.
    kubernetes.io/cluster-service: 'true'
    kubernetes.io/name: monitoring-grafana
  name: monitoring-grafana
  namespace: kube-system
spec:
  # In a production setup, we recommend accessing Grafana through an external Loadbalancer
  # or through a public IP.
  # type: LoadBalancer
  # You could also use NodePort to expose the service at a randomly-generated port
  # type: NodePort
  ports:
  - port: 80
    targetPort: 3000
  type: NodePort  # public access
  selector:
    k8s-app: grafana
```
```bash
kubectl apply -f influxdb.yaml
kubectl apply -f heapster-rbac.yaml
kubectl apply -f heapster.yaml
# Before applying, add type: NodePort to the Service so that it can be reached from outside the cluster
kubectl apply -f grafana.yaml
kubectl get svc -n kube-system
```

Finally, the Grafana web interface can be reached through the port exposed by the svc: http://nodeip:30288
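Once Heapster is deployed, kubectl top can be used to view node system information:
♦ For Grafana, ready-made dashboards can be downloaded from the official dashboard section and then imported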
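A check over the manifests above, as an added Python example that is not from the original page or the Heapster project: it flags the settings that matter once Grafana is published on a NodePort. `audit` and `SAMPLE` are hypothetical names, and SAMPLE is a constructed dict rendering of the relevant fields from this page's YAML.

```python
# Added example (not from the original page); names are hypothetical.
# SAMPLE is constructed: the relevant fields of this page's manifests as dicts.
SAMPLE = [
    {"kind": "Deployment", "metadata": {"name": "monitoring-grafana"},
     "spec": {"template": {"spec": {"containers": [{
         "name": "grafana",
         "env": [{"name": "GF_AUTH_ANONYMOUS_ENABLED", "value": "true"},
                 {"name": "GF_AUTH_ANONYMOUS_ORG_ROLE", "value": "Admin"}]}]}}}},
    {"kind": "Service", "metadata": {"name": "monitoring-grafana"},
     "spec": {"type": "NodePort", "ports": [{"port": 80, "targetPort": 3000}]}},
    {"kind": "Deployment", "metadata": {"name": "heapster"},
     "spec": {"template": {"spec": {"containers": [{
         "name": "heapster",
         "command": ["/heapster",
                     "--source=kubernetes:https://kubernetes.default"
                     "?kubeletHttps=true&kubeletPort=10250&insecure=true"]}]}}}},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "heapster-kubelet-api"},
     "roleRef": {"kind": "ClusterRole", "name": "system:kubelet-api-admin"}},
]

def audit(manifests):
    """Return (object name, finding) pairs for the settings used on this page."""
    findings = []
    for m in manifests:
        name = m["metadata"]["name"]
        if m["kind"] == "Service" and m.get("spec", {}).get("type") == "NodePort":
            findings.append((name, "Service is reachable on every node IP (NodePort)"))
        if (m["kind"] == "ClusterRoleBinding"
                and m["roleRef"]["name"] == "system:kubelet-api-admin"):
            findings.append((name, "binding grants full kubelet API access"))
        pod = m.get("spec", {}).get("template", {}).get("spec", {})
        for c in pod.get("containers", []):
            env = {e["name"]: e.get("value") for e in c.get("env", [])}
            if env.get("GF_AUTH_ANONYMOUS_ENABLED") == "true":
                # Grafana's anonymous role defaults to Viewer when not set.
                role = env.get("GF_AUTH_ANONYMOUS_ORG_ROLE", "Viewer")
                findings.append((name, f"Grafana allows anonymous login with role {role}"))
            argv = c.get("command", []) + c.get("args", [])
            if any("insecure=true" in arg for arg in argv):
                findings.append((name, "Heapster source skips TLS certificate verification"))
    return findings

if __name__ == "__main__":
    for obj, finding in audit(SAMPLE):
        print(f"{obj}: {finding}")
```

An empty result means none of these four settings is present; the anonymous Admin role combined with the NodePort Service is the pairing the manifest's own comment says to remove on production clusters.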