Kubernetes Metrics Server is a cluster-wide aggregator of resource usage data. Its job is to collect metrics from the Summary API exposed by the Kubelet on each node. Resource usage metrics, such as container CPU and memory usage, are very useful when troubleshooting unusual resource utilization. All of these metrics are available in Kubernetes through the Metrics API.
The Metrics API reports the amount of resources currently used by a given node or a given Pod. Because the API does not store metric values, Metrics Server is used for this purpose. Deployment YAML files for installation are provided in the Metrics Server project source code.
Download the project source code from GitHub:
git clone https://github.com/kubernetes-sigs/metrics-server.git
Navigate to the project folder:
cd metrics-server
Set flags
Metrics Server supports all standard Kubernetes API server flags as well as the standard Kubernetes glog logging flags. The most commonly used are:
- --logtostderr: Log to standard error instead of to files in the container. You usually want to enable this.
- --v=: Set the log verbosity. Unless you encounter errors, it is usually best to run at log level 1 or 2. At log level 10, a large amount of diagnostic information is reported, including API request and response bodies and the raw metrics from the Kubelet.
- --secure-port=: Set the secure port. If you are not running as the root user, you need to set this to something other than the default (port 443).
- --tls-cert-file, --tls-private-key-file: The serving certificate and key files. If not specified, a self-signed certificate is generated. Use non-self-signed certificates in production.
- --kubelet-certificate-authority: The path of the CA certificate used to verify the Kubelet's serving certificate.
Other flags that change the behavior of Metrics Server are:
- --metric-resolution=: The interval at which metrics are scraped from Kubelets (default is 60s).
- --kubelet-insecure-tls: Skip verifying the Kubelet CA certificate.
- --kubelet-port: The port used to connect to the Kubelet (the default is the default secure Kubelet port, 10250).
- --kubelet-preferred-address-types: The order in which Kubelet node address types are considered when connecting to the Kubelet.
Specify the order of node address types
I will modify the deployment manifest file to add the order in which different Kubelet node address types are considered when connecting to Kubelet.
vim deploy/1.8+/metrics-server-deployment.yaml
Amend as below:
...............
containers:
- name: metrics-server
  image: k8s.gcr.io/metrics-server-amd64:v0.3.6
  args:
    - --cert-dir=/tmp
    - --secure-port=4443
    - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
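Disable Kubelet CA certificate verification (insecure)
If you are using a self-signed certificate, you can use the --kubelet-insecure-tls flag to skip verification of the Kubelet CA certificate. Metrics Server then accepts any certificate a Kubelet presents, so where a CA certificate is available, pass it with --kubelet-certificate-authority instead.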
...............
containers:
- name: metrics-server
  image: k8s.gcr.io/metrics-server-amd64:v0.3.6
  args:
    - --cert-dir=/tmp
    - --secure-port=4443
    - --kubelet-insecure-tls
    - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
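A check you can run on the manifest before applying it, flagging the flag choices described above that weaken TLS or make logs more sensitive. This is an added example, not code from the Metrics Server project; the function name and the WARN/NOTE labels are this example's own, and the sample manifest is constructed from the snippet above.

```shell
#!/bin/sh
# Added example (not from the metrics-server project): audit a Deployment
# manifest for the flag choices described above.

# audit_metrics_server_args FILE -> prints one finding per line (none if clean)
audit_metrics_server_args() {
    # Collect YAML list items that are flags: "- --flag" or "- --flag=value".
    args=$(sed -n 's/^[[:space:]]*-[[:space:]][[:space:]]*\(--[^[:space:]]*\).*$/\1/p' "$1")

    # Kubelet certificate verification switched off.
    if printf '%s\n' "$args" | grep -Eq '^--kubelet-insecure-tls(=true)?$'; then
        echo "WARN: --kubelet-insecure-tls: Kubelet certificates are not verified"
    fi

    # No serving certificate and key: a self-signed pair is generated.
    if ! printf '%s\n' "$args" | grep -q '^--tls-cert-file=' ||
       ! printf '%s\n' "$args" | grep -q '^--tls-private-key-file='; then
        echo "NOTE: no --tls-cert-file/--tls-private-key-file: self-signed serving certificate"
    fi

    # Verbosity 10 logs API request/response bodies and raw Kubelet metrics.
    v=$(printf '%s\n' "$args" | sed -n 's/^--v=\([0-9][0-9]*\)$/\1/p' | tail -n 1)
    if [ -n "$v" ] && [ "$v" -ge 10 ]; then
        echo "NOTE: --v=$v: request and response bodies are written to the log"
    fi
    return 0
}

# Constructed sample: the container args from the manifest shown above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
      containers:
      - name: metrics-server
        image: k8s.gcr.io/metrics-server-amd64:v0.3.6
        args:
          - --cert-dir=/tmp
          - --secure-port=4443
          - --kubelet-insecure-tls
          - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
EOF
audit_metrics_server_args "$sample"
rm -f "$sample"
```

To audit the file edited in this guide, call audit_metrics_server_args deploy/1.8+/metrics-server-deployment.yaml.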
Deploy Metrics Server to Kubernetes
After making the required customizations, deploy metrics-server in the Kubernetes cluster from the top-level directory of the repository.
If you have multiple Kubernetes clusters, switch to the correct one first; kubectl and kubectx make it easy to manage multiple Kubernetes clusters.
Then run the command:
$ kubectl apply -f deploy/1.8+/
clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader created
clusterrolebinding.rbac.authorization.k8s.io/metrics-server:system:auth-delegator created
rolebinding.rbac.authorization.k8s.io/metrics-server-auth-reader created
apiservice.apiregistration.k8s.io/v1beta1.metrics.k8s.io created
serviceaccount/metrics-server created
deployment.apps/metrics-server created
service/metrics-server created
clusterrole.rbac.authorization.k8s.io/system:metrics-server created
clusterrolebinding.rbac.authorization.k8s.io/system:metrics-server created
Check deployment, pod and service status:
$ kubectl get deployments metrics-server -n kube-system
NAME READY UP-TO-DATE AVAILABLE AGE
metrics-server 1/1 1 1 72m
$ kubectl get pods -A | grep metrics-server
kube-system metrics-server-7bd949b8b6-mpmk9 1/1 Running 0 33m
$ kubectl get svc metrics-server -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
metrics-server ClusterIP 10.96.72.29 <none> 443/TCP 74m
Test Metrics Server Installation
Show the resource usage of nodes (CPU / Memory / Storage):
$ kubectl top nodes
NAME CPU(cores) CPU% MEMORY(bytes) MEMORY%
k8smaster01.computingforgeeks.com 196m 4% 1053Mi 14%
k8sworker01.computingforgeeks.com 107m 2% 2080Mi 27%
k8sworker02.computingforgeeks.com 107m 2% 2080Mi 27%
k8sworker03.computingforgeeks.com 107m 2% 2080Mi 27%
We can do the same for pods: show metrics for all pods in the default namespace.
$ kubectl top pods
NAMESPACE NAME CPU(cores) MEMORY(bytes)
kube-system calico-kube-controllers-5c45f5bd9f-dk8jp 1m 11Mi
kube-system calico-node-4h67w 32m 27Mi
kube-system calico-node-99vkm 35m 27Mi
kube-system calico-node-qdqb8 21m 27Mi
kube-system calico-node-sd9r8 21m 43Mi
kube-system coredns-6955765f44-d4g99 2m 12Mi
kube-system coredns-6955765f44-hqc4q 2m 11Mi
kube-system kube-proxy-h87zf 1m 12Mi
kube-system kube-proxy-lcnvx 1m 14Mi
kube-system kube-proxy-x6tfx 1m 16Mi
kube-system kube-proxy-xplz4 1m 16Mi
kube-system metrics-server-7bd949b8b6-mpmk9 1m 10Mi
Check more command options:
kubectl top pod --help
kubectl top node --help