This environment was installed from binaries; with kubeadm you are unlikely to run into most of these problems.
1. Download the installation files
[root@k8s-master1 prometheus]# git clone https://github.com/coreos/kube-prometheus.git
[root@k8s-master1 prometheus]# cd ./kube-prometheus/manifests/
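The master branch tracks recent Kubernetes releases. For an older, binary-installed cluster it may be safer to clone one of the project's release-X.Y branches instead (a sketch; release-0.1 here is an assumption, pick the branch matching your cluster version):

[root@k8s-master1 prometheus]# git clone -b release-0.1 https://github.com/coreos/kube-prometheus.git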
2. Edit the YAML files (switch the services to NodePort so users outside the cluster can reach them)
[root@k8s-master1 manifests]# vim ./grafana-service.yaml
apiVersion: v1
kind: Service
metadata:
  labels:
    app: grafana
  name: grafana
  namespace: monitoring
spec:
  type: NodePort        # added
  ports:
  - name: http
    port: 3000
    targetPort: http
    nodePort: 30100     # added
  selector:
    app: grafana

[root@k8s-master1 manifests]# vim prometheus-service.yaml
apiVersion: v1
kind: Service
metadata:
  labels:
    prometheus: k8s
  name: prometheus-k8s
  namespace: monitoring
spec:
  type: NodePort        # added
  ports:
  - name: web
    port: 9090
    targetPort: web
    nodePort: 30200     # added
  selector:
    app: prometheus
    prometheus: k8s     # delete this last line

[root@k8s-master1 manifests]# vim alertmanager-service.yaml
apiVersion: v1
kind: Service
metadata:
  labels:
    alertmanager: main
  name: alertmanager-main
  namespace: monitoring
spec:
  type: NodePort        # added
  ports:
  - name: web
    port: 9093
    targetPort: web
    nodePort: 30300     # added
  selector:
    alertmanager: main
    app: alertmanager   # delete this last line
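Before anything is applied, the edited manifests can be sanity-checked without touching the cluster (a sketch; on kubectl 1.18+ the flag is spelled --dry-run=client):

[root@k8s-master1 manifests]# kubectl apply --dry-run -f grafana-service.yaml -f prometheus-service.yaml -f alertmanager-service.yaml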
3. Enable the aggregation layer and HPA support (pitfall 1)
Without the aggregation layer enabled, the error looks roughly like this:

I0514 16:31:41.896256    1 adapter.go:91] successfully using in-cluster auth
F0514 16:31:42.216596    1 adapter.go:252] unable to install resource metrics API: cluster doesn't provide requestheader-client-ca-file

Append the following flags to the end of the options string in each config file (the closing double quote stays at the end):

[root@k8s-master1 ~]# vim /opt/kubernetes/cfg/kube-apiserver
--requestheader-client-ca-file=/opt/kubernetes/ssl/ca.pem \
--requestheader-allowed-names=aggregator \
--requestheader-extra-headers-prefix=X-Remote-Extra- \
--requestheader-group-headers=X-Remote-Group \
--requestheader-username-headers=X-Remote-User \
--runtime-config=api/all=true \
--enable-aggregator-routing=true"

[root@k8s-master1 ~]# vim /opt/kubernetes/cfg/kube-controller-manager
--horizontal-pod-autoscaler-use-rest-clients=true"

[root@k8s-node1 ~]# vim /opt/kubernetes/cfg/kubelet
--authentication-token-webhook=true
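The new flags only take effect after the components restart (the systemd unit names below are assumed to match the config file names used in this cluster):

[root@k8s-master1 ~]# systemctl restart kube-apiserver kube-controller-manager
[root@k8s-node1 ~]# systemctl restart kubelet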
4. Install kubelet and kube-proxy on the master node, otherwise the deployment fails (pitfall 2)
Configure the master as a node as well (the procedure is identical to that of a regular node; otherwise the installation reports failures). It is best to do this when first building the cluster rather than troubleshooting it in afterwards.
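Once kubelet and kube-proxy are running on the master, it should register itself as a node; a quick check (192.168.100.10 is the master in this cluster, which should appear in the list as Ready):

[root@k8s-master1 ~]# kubectl get nodes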
5. Install the kube-apiserver component on every node, copying the certificates the node needs into the expected directories (pitfall 3)
# Without this step, kubectl top node only shows the master node
[root@k8s-master1 ~]# scp /opt/kubernetes/cfg/kube-apiserver [email protected]:/opt/kubernetes/cfg/
[root@k8s-master1 ~]# scp /opt/kubernetes/bin/kube-apiserver [email protected]:/opt/kubernetes/bin/
[root@k8s-master1 ~]# scp /usr/lib/systemd/system/kube-apiserver.service [email protected]:/usr/lib/systemd/system/
[root@k8s-master1 ~]# scp /opt/kubernetes/cfg/token.csv [email protected]:/opt/kubernetes/cfg/

[root@k8s-node1 ~]# vim /opt/kubernetes/cfg/kube-apiserver
KUBE_APISERVER_OPTS="--logtostderr=true \
--v=4 \
--etcd-servers=https://192.168.100.10:2379,https://192.168.100.30:2379,https://192.168.100.40:2379 \
--enable-bootstrap-token-auth \
--token-auth-file=/opt/kubernetes/cfg/token.csv \
--service-node-port-range=30000-50000 \
--tls-cert-file=/opt/kubernetes/ssl/server.pem \
--tls-private-key-file=/opt/kubernetes/ssl/server-key.pem \
--client-ca-file=/opt/kubernetes/ssl/ca.pem \
--service-account-key-file=/opt/kubernetes/ssl/ca-key.pem \
--etcd-cafile=/opt/etcd/ssl/ca.pem \
--etcd-certfile=/opt/etcd/ssl/server.pem \
--etcd-keyfile=/opt/etcd/ssl/server-key.pem \
--requestheader-client-ca-file=/opt/kubernetes/ssl/ca.pem \
--requestheader-allowed-names=aggregator \
--requestheader-extra-headers-prefix=X-Remote-Extra- \
--requestheader-group-headers=X-Remote-Group \
--requestheader-username-headers=X-Remote-User \
--proxy-client-cert-file=/opt/kubernetes/ssl/kube-proxy.pem \
--proxy-client-key-file=/opt/kubernetes/ssl/kube-proxy-key.pem \
--runtime-config=api/all=true \
--enable-aggregator-routing=true"

[root@k8s-node1 ~]# systemctl restart kube-apiserver
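The heading says every node, so the same copy-and-restart sequence needs repeating for the remaining node (a sketch assuming 192.168.100.40 is k8s-node2, following this cluster's naming):

[root@k8s-master1 ~]# scp /opt/kubernetes/cfg/kube-apiserver [email protected]:/opt/kubernetes/cfg/
[root@k8s-master1 ~]# scp /opt/kubernetes/bin/kube-apiserver [email protected]:/opt/kubernetes/bin/
[root@k8s-master1 ~]# scp /usr/lib/systemd/system/kube-apiserver.service [email protected]:/usr/lib/systemd/system/
[root@k8s-master1 ~]# scp /opt/kubernetes/cfg/token.csv [email protected]:/opt/kubernetes/cfg/
[root@k8s-node2 ~]# systemctl restart kube-apiserver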
6. Configure CoreDNS (pitfall 4)
The in-cluster components rely on DNS.
Link: Deploying Kubernetes components (13): what CoreDNS does and how to configure it
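A quick way to confirm DNS works before continuing (a sketch; busybox:1.28 is a common choice because its nslookup behaves well in clusters, and kubernetes.default always resolves in a healthy cluster):

[root@k8s-master1 ~]# kubectl run dns-test --image=busybox:1.28 --rm -it --restart=Never -- nslookup kubernetes.default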
7. With the preparation done, go to the manifests directory and create the resources
[root@k8s-master1 ~]# cd /root/helm/prometheus/kube-prometheus/manifests/
[root@k8s-master1 manifests]# kubectl apply -f ./
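It takes a minute or two for everything to come up; checking the monitoring namespace shows the progress (all pods should eventually be Running):

[root@k8s-master1 manifests]# kubectl get pods -n monitoring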
8. Verify the deployment
[root@k8s-master1 ~]# kubectl top nodes
NAME             CPU(cores)   CPU%   MEMORY(bytes)   MEMORY%
192.168.100.10   109m         5%     809Mi           42%
192.168.100.30   115m         5%     1264Mi          32%
192.168.100.40   121m         6%     1443Mi          37%
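If kubectl top fails instead, check whether the aggregated resource metrics API registered correctly (v1beta1.metrics.k8s.io is its standard APIService name; the Available column should read True):

[root@k8s-master1 ~]# kubectl get apiservice v1beta1.metrics.k8s.io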
1) Check Prometheus for unhealthy targets at http://192.168.100.30:30200; if there are none, the setup succeeded
2) View the generated graphs
9. Log in to Grafana (http://192.168.100.30:30100/login)
Default username: admin
Default password: admin
1) Configure the Prometheus data source (or use the API sketch after this list)
2) Test that the data source works
3) Import a dashboard
4) Go back to Home and open the node dashboard
5) View the graphs
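Step 1 can also be done non-interactively through Grafana's HTTP API (a sketch using the NodePort URLs exposed above and the default admin credentials):

curl -s -u admin:admin -H 'Content-Type: application/json' \
  -X POST http://192.168.100.30:30100/api/datasources \
  -d '{"name":"prometheus","type":"prometheus","url":"http://192.168.100.30:30200","access":"proxy","isDefault":true}'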
10. If you hit the following error, resolve it with the command below (pitfall 5)
Error from server (BadRequest): a container name must be specified for pod kube-state-metrics-56998d67b9-xcndn, choose one of: [kube-rbac-proxy-main kube-rbac-proxy-self kube-state-metrics addon-resizer]
[root@k8s-master1 ~]# kubectl delete clusterrolebinding system:anonymous
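The BadRequest message itself just means kubectl logs was pointed at a multi-container pod; naming one of the listed containers shows its logs (the pod name here comes from the error above):

[root@k8s-master1 ~]# kubectl logs kube-state-metrics-56998d67b9-xcndn -n monitoring -c kube-state-metrics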
11. A problem that may appear when changing the network while configuring DNS (pitfall 6)
Error: A dependency job for kubelet.service failed. See 'journalctl -xe' for details

Fix: this happens when flannel (or another network plugin such as calico) fails to start. Restart the network plugin first, then kubelet:

[root@k8s-node2 ~]# systemctl restart flanneld
[root@k8s-node2 ~]# systemctl restart kubelet
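If the restart fails again, the flanneld journal usually shows why (the unit name matches the restart command above):

[root@k8s-node2 ~]# journalctl -u flanneld -xe --no-pager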